
My ctrl, alt and del quit working



My ctrl, alt and del quit working so I did an AVG scan and Spybot S & D and came up with the following: Trojan horse Rootkit.Paks U.... G:\Windows\system32\drivers\atapi.sys

As of right now I can't get into my MSN and have to use my other computer and my ctrl, alt and del still don't work....Help

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:52:11 AM, on 3/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

G:\WINDOWS\Explorer.EXE

G:\WINDOWS\vsnpstd3.exe

G:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

G:\Program Files\Common Files\Real\Update_OB\realsched.exe

G:\Program Files\COMODO\COMODO Internet Security\cfp.exe

G:\Program Files\Java\jre6\bin\jusched.exe

H:\Program Files\ThreatFire\TFTray.exe

G:\PROGRA~1\AVG\AVG9\avgtray.exe

G:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

G:\WINDOWS\system32\ctfmon.exe

G:\Program Files\Windows Live\Messenger\msnmsgr.exe

H:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe

H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

G:\Program Files\Skype\Phone\Skype.exe

G:\WINDOWS\system32\rundll32.exe

G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

G:\Program Files\Skype\Plugin Manager\skypePM.exe

G:\Program Files\Windows Live\Contacts\wlcomm.exe

G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS/701

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - G:\Program Files\New Folder\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - G:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - H:\PROGRA~1\TWEAKM~1\TweakBHO.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - G:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - G:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - G:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - G:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [Dell Performance USB keyboard hotkey blocker] G:\Program Files\Dell\USBKEYBLCK\USBKeyBlock.exe

O4 - HKLM\..\Run: [tsnpstd3] G:\WINDOWS\tsnpstd3.exe

O4 - HKLM\..\Run: [snpstd3] G:\WINDOWS\vsnpstd3.exe

O4 - HKLM\..\Run: [SpywareTerminator] "G:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [WheelMouse] G:\Program Files\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [TkBellExe] "G:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [COMODO Internet Security] "G:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [SunJavaUpdateSched] "G:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ThreatFire] H:\Program Files\ThreatFire\TFTray.exe

O4 - HKLM\..\Run: [TweakMASTER] "H:\PROGRA~1\TWEAKM~1\TMTray.exe"

O4 - HKLM\..\Run: [DU Meter] G:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [Adobe ARM] "G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "G:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [Start WingMan Profiler] G:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui

O4 - HKLM\..\Run: [AVG9_TRAY] G:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "G:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "G:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe"

O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "H:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" /startup

O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [Skype] "G:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [dbatmsound] rundll32.exe "G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\dbatmsound\dbatmsound.dll", DllInit

O4 - HKCU\..\Run: [FreeRAM XP] "G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

O4 - HKCU\..\Run: [SpybotSD TeaTimer] G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: Add to &LinkFox - res://H:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - G:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - G:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - G:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O9 - Extra button: The Gaming Club - {CFA80FFD-AE33-436C-8488-CCF561F1FECF} - G:\Microgaming\Casino\GamingClub\casinogame.exe (HKCU)

O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\securenet.dll

O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll

O13 - Gopher Prefix:

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1250257624859

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{17496C10-8644-4DD8-B7DD-9175FE1E9F98}: NameServer = 192.168.1.254

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - G:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs: G:\WINDOWS\system32\guard32.dll

O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: avgrsstarter - G:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - G:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - G:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HideMyIpSRV - Unknown owner - H:\Program Files\Hide My IP\HideMyIpSrv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - G:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - G:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - G:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - G:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: ThreatFire - PC Tools - H:\Program Files\ThreatFire\TFService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - G:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - G:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - G:\Program Files\Webroot\Washer\WasherSvc.exe

--

End of file - 12798 bytes
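As an added example, not part of the original thread and not HijackThis code: a short Python triage script that applies the checks a helper does by eye on a log like the one above. It flags O4 autostarts that load from a user-writable profile path (the rundll32 + DLL pattern in the dbatmsound entry), O10 Winsock LSP files that HijackThis could not attribute, AppInit_DLLs entries, and O23 services with no vendor information. The sample lines are copied from the posted log; the regexes, path heuristics and the HIGH/MEDIUM scale are my own assumptions, not HijackThis output.

```python
"""Triage of HijackThis O4/O10/O20/O23 entries (added example, not HijackThis code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "HIGH" or "MEDIUM" (my own scale, an assumption)
    section: str   # HijackThis section code: O4, O10, O20, O23
    name: str      # Run-key value name, DLL file name or service name
    reason: str


# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] G:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [dbatmsound] rundll32.exe "G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\dbatmsound\dbatmsound.dll", DllInit
O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\hmipcore.dll
O10 - Unknown file in Winsock LSP: g:\windows\system32\securenet.dll
O20 - AppInit_DLLs: G:\WINDOWS\system32\guard32.dll
O23 - Service: HideMyIpSRV - Unknown owner - H:\Program Files\Hide My IP\HideMyIpSrv.exe
O23 - Service: PnkBstrA - Unknown owner - G:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ThreatFire - PC Tools - H:\Program Files\ThreatFire\TFService.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# A Windows path inside a command line: drive letter, then up to a quote, comma or EOL.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n,]+')
# Per-user, user-writable locations; machine-wide autostarts rarely live there.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings\\)?(application data|temp)\\", re.I)


def basename(path: str) -> str:
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def triage(log_text: str) -> list:
    """Return de-duplicated findings, HIGH first, then by section and name."""
    findings, seen = [], set()

    def add(f: Finding) -> None:
        key = (f.section, f.name.lower())
        if key not in seen:          # the O10 lines repeat once per catalog entry
            seen.add(key)
            findings.append(f)

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            cmd = m["cmd"]
            via_rundll32 = cmd.lower().startswith("rundll32")
            for p in PATH_RE.findall(cmd):
                if USER_WRITABLE.search(p):
                    # A DLL loaded by rundll32 from the profile is the classic dropper pattern.
                    sev = "HIGH" if via_rundll32 or p.lower().endswith(".dll") else "MEDIUM"
                    add(Finding(sev, "O4", m["name"],
                                f"autostart loads from a user-writable path: {p.strip()}"))
        elif m := O10_RE.match(line):
            add(Finding("MEDIUM", "O10", basename(m["path"]),
                        "non-Microsoft Winsock LSP; identify the vendor before removing it, "
                        "a broken LSP chain takes networking down"))
        elif m := O20_RE.match(line):
            add(Finding("MEDIUM", "O20", basename(m["path"]),
                        "AppInit_DLLs is mapped into every user-mode process; confirm the owner"))
        elif m := O23_RE.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                add(Finding("MEDIUM", "O23", m["name"].strip(),
                            f"service binary carries no vendor information: {m['path']}"))

    rank = {"HIGH": 0, "MEDIUM": 1}
    return sorted(findings, key=lambda f: (rank[f.severity], f.section, f.name.lower()))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.name:16} {f.reason}")
```

On the sample the only HIGH hit is the dbatmsound entry, which is exactly the file ComboFix later lists under "Other Deletions"; the O10, O20 and O23 hits are review items, not verdicts, since the same log shows HMIPCore.dll alongside a Hide My IP service and guard32.dll alongside COMODO.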

Hi Mel

:lol:

GMER

  • Download GMER by GMER from one of the links below:
    Link1
    Link2
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run a scan, click OK
  • If you don't get a warning then
    • Click the Rootkit tab
    • Click Scan
  • Once the scan has finished, click Copy
  • Paste the log into Notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click Copy
  • Paste the log into Notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Send the contents of gmerautos.txt and gmerrk.txt as a reply to this topic


I tried to run GMER in normal Windows mode and kept getting a blue screen telling me my computer was in danger, so I booted to SAFE MODE and that's where we're at right now.

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit quick scan 2010-03-12 14:50:35

Windows 5.1.2600 Service Pack 3

Running: gmer.exe; Driver: G:\DOCUME~1\K6575~1.ALB\LOCALS~1\Temp\kgddrpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- EOF - GMER 1.0.15 ----

Gallery\PhotoViewerShim.dll

@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/G:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll = G:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

@{39D328C0-C37A-11cf-BE99-0020AFD208B9} /*Shell extensions for Folio Infobases*/H:\PROGRA~1\GOSPEL~1\fcshell4.dll = H:\PROGRA~1\GOSPEL~1\fcshell4.dll

@{44440D00-FF19-4AFC-B765-9A0970567D97} /*TuneUp Theme Extension*/%SystemRoot%\System32\uxtuneup.dll = %SystemRoot%\System32\uxtuneup.dll

@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} /*TuneUp Shredder Shell Extension*/G:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll = G:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll

@{4838CD50-7E5D-4811-9B17-C47A85539F28} /*TuneUp Disk Space Explorer Shell Extension*/G:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll = G:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll

@{5E44E225-A408-11CF-B581-008029601108} /*Roxio DragToDisc Shell Extension*/G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll /*file not found*/ = G:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll /*file not found*/

@{A44D5ACC-3411-40DE-9AD3-214FFB2ED7AC} /*My Media*/G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll /*file not found*/ = G:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\MediaSX.dll /*file not found*/

@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG Shell Extension*/G:\Program Files\AVG\AVG9\avgse.dll = G:\Program Files\AVG\AVG9\avgse.dll

@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG Find Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>

7-Zip@{23170F69-40C1-278A-1000-000100020000} = G:\Program Files\7-Zip\7-zip.dll

AVG9 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = G:\Program Files\AVG\AVG9\avgse.dll

Comodo Antivirus@{4255A182-CAD9-4214-A19B-7BA7FB633BBD} = G:\Program Files\COMODO\COMODO Internet Security\cavshell.dll

IZArcCM@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = G:\PROGRA~1\IZArc\IZArcCM.dll

LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =

MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = H:\Program Files\MagicISO\misosh.dll

PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = G:\Program Files\PowerISO\PWRISOSH.DLL

SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = G:\Program Files\Spyware Terminator\sptcontmenu.dll

TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = G:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll

Washer@{6EE51AA0-77A0-11D7-B4E1-000347126E46} = G:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = H:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>

7-Zip@{23170F69-40C1-278A-1000-000100020000} = G:\Program Files\7-Zip\7-zip.dll

IZArcCM@{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5} = G:\PROGRA~1\IZArc\IZArcCM.dll

MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = H:\Program Files\MagicISO\misosh.dll

PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = G:\Program Files\PowerISO\PWRISOSH.DLL

TuneUp Disk Space Explorer Shell Extension@{4838CD50-7E5D-4811-9B17-C47A85539F28} = G:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll

TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = G:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll

Washer@{6EE51AA0-77A0-11D7-B4E1-000347126E46} = G:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = H:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>

AVG9 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = G:\Program Files\AVG\AVG9\avgse.dll

Comodo Antivirus@{4255A182-CAD9-4214-A19B-7BA7FB633BBD} = G:\Program Files\COMODO\COMODO Internet Security\cavshell.dll

InfobaseFindMenu@{39D328C0-C37A-11cf-BE99-0020AFD208B9} = H:\PROGRA~1\GOSPEL~1\fcshell4.dll

LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =

MagicISO@{DB85C504-C730-49DD-BEC1-7B39C6103B7A} = H:\Program Files\MagicISO\misosh.dll

MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = G:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = G:\Program Files\PowerISO\PWRISOSH.DLL

SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = G:\Program Files\Spyware Terminator\sptcontmenu.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>

@{02478D38-C3F9-4efb-9B51-7695ECA05670}G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll = G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

@{3049C3E9-B461-4BC5-8870-4C09146192CA}G:\Program Files\New Folder\rpbrowserrecordplugin.dll = G:\Program Files\New Folder\rpbrowserrecordplugin.dll

@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}G:\Program Files\AVG\AVG9\avgssie.dll = G:\Program Files\AVG\AVG9\avgssie.dll

@{53707962-6F74-2D53-2644-206D7942484F}G:\PROGRA~1\SPYBOT~1\SDHelper.dll = G:\PROGRA~1\SPYBOT~1\SDHelper.dll

@{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll = G:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

@{7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C}H:\PROGRA~1\TWEAKM~1\TweakBHO.dll = H:\PROGRA~1\TWEAKM~1\TweakBHO.dll

@{9030D464-4C02-4ABF-8ECC-5164760863C6}G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = G:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

@{AA58ED58-01DD-4d91-8333-CF10577473F7}G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll = G:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}G:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll = G:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll

@{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll = G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

@{d2ce3e00-f94a-4740-988e-03dc2f38c34f}G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll = G:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

@{DBC80044-A445-435b-BC74-9C25C1C588A9}G:\Program Files\Java\jre6\bin\jp2ssv.dll = G:\Program Files\Java\jre6\bin\jp2ssv.dll

@{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}G:\Program Files\Windows Live\Toolbar\wltcore.dll = G:\Program Files\Windows Live\Toolbar\wltcore.dll

@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = G:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

@{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll = G:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = G:\WINDOWS\CSS.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>

@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main >>>

@Default_Page_URLhttp://www.msn.com = http://www.msn.com

@Start Pagehttp://www.msn.com = http://www.msn.com

HKLM\Software\Classes\PROTOCOLS\Filter\x-sdch@CLSID = G:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>

belarc@CLSID = G:\Program Files\Belarc\Advisor\System\BAVoilaX.dll

dvd@CLSID = G:\WINDOWS\system32\msvidctl.dll

its@CLSID = G:\WINDOWS\system32\itss.dll

linkscanner@CLSID = G:\Program Files\AVG\AVG9\avgpp.dll

livecall@CLSID = G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll

ms-its@CLSID = G:\WINDOWS\system32\itss.dll

msnim@CLSID = G:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

skype4com@CLSID = G:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

tv@CLSID = G:\WINDOWS\system32\msvidctl.dll

wia@CLSID = G:\WINDOWS\system32\wiascr.dll

wlmailhtml@CLSID = G:\Program Files\Windows Live\Mail\mailcomm.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{17496C10-8644-4DD8-B7DD-9175FE1E9F98} /*Local Area Connection*/ >>>

@IPAddress192.168.1.66 = 192.168.1.66

@NameServer192.168.1.254 = 192.168.1.254

@DefaultGateway192.168.1.254 = 192.168.1.254

@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>

000000000001@PackedCatalogItem = G:\WINDOWS\system32\HMIPCore.dll

000000000002@PackedCatalogItem = G:\WINDOWS\system32\HMIPCore.dll

000000000003@PackedCatalogItem = G:\WINDOWS\system32\SecureNet.dll

000000000004@PackedCatalogItem = G:\WINDOWS\system32\SecureNet.dll

000000000014@PackedCatalogItem = G:\WINDOWS\system32\SecureNet.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000033@PackedCatalogItem = G:\WINDOWS\system32\HMIPCore.dll

---- EOF - GMER 1.0.15 ----


Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to Always ask me where to Save the files.
  • During the download, rename ComboFix to Combo-Fix as follows:
    CF_download_FF.gif
    CF_download_rename.gif
  • It is important you rename ComboFix during the download, but not after.
  • Please do not rename ComboFix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no internet connection after running ComboFix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick Combo-Fix's window while it's running. That may cause it to stall**


COMBOFIX 10-03-12.02 - K. Albert 2 03/12/2010 18:27:07.1.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1215 [GMT -8:00]

Running from: g:\documents and settings\K. Albert 2\Desktop\Combo-Fix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

g:\documents and settings\K. Albert 2\Local Settings\Application Data\dbatmsound\dbatmsound.dll

g:\windows\regsvr32.exe

g:\windows\system32\sySInfo.ocx

.

((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))

.

2010-03-12 18:22 . 2009-10-15 13:10 476672 ---h--w- g:\documents and settings\K. Albert 2\Application Data\MSN6\unicows.dll

2010-03-12 18:22 . 2009-10-15 13:10 390144 ---h--w- g:\documents and settings\K. Albert 2\Application Data\MSN6\txsrvc.dll

2010-03-12 18:22 . 2009-10-15 13:38 131912 ---h--w- g:\documents and settings\K. Albert 2\Application Data\MSN6\msnupdate.exe

2010-03-12 17:03 . 2010-03-12 06:41 1007896 ----a-w- g:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-03-12 17:03 . 2010-03-12 06:41 1658136 ----a-w- g:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-03-12 17:03 . 2010-03-12 06:41 800536 ----a-w- g:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-03-12 17:03 . 2010-03-12 06:41 613656 ----a-w- g:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-03-12 17:00 . 2009-10-15 13:11 183296 ----a-w- g:\documents and settings\K. Albert 2\Application Data\MSN6\MSNCoreFiles.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\custsat.dll

2010-03-12 07:30 . 2010-03-12 15:53 -------- d-----w- g:\documents and settings\All Users\Application Data\MSNDynFiles

2010-03-12 07:23 . 2010-03-12 06:42 1260800 ----a-w- g:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe

2010-03-12 07:23 . 2010-03-12 06:42 3777280 ----a-w- g:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe

2010-03-12 06:58 . 2010-03-12 07:03 -------- d-----w- g:\documents and settings\All Users\Application Data\Comodo Downloader

2010-03-12 06:43 . 2010-03-12 07:46 -------- d-----w- G:\$AVG

2010-03-12 06:43 . 2010-03-12 06:43 12464 ----a-w- g:\windows\system32\avgrsstx.dll

2010-03-12 06:43 . 2010-03-12 06:43 360584 ----a-w- g:\windows\system32\drivers\avgtdix.sys

2010-03-12 06:42 . 2010-03-12 06:42 333192 ----a-w- g:\windows\system32\drivers\avgldx86.sys

2010-03-12 06:42 . 2010-03-12 06:42 28424 ----a-w- g:\windows\system32\drivers\avgmfx86.sys

2010-03-12 06:42 . 2010-03-12 06:42 -------- d-----w- g:\windows\system32\drivers\Avg

2010-03-12 06:41 . 2010-03-12 06:41 -------- d-----w- g:\program files\AVG

2010-03-12 06:41 . 2010-03-12 06:41 -------- d-----w- g:\documents and settings\All Users\Application Data\avg9

2010-03-12 05:43 . 2010-03-12 06:48 -------- d-----w- g:\program files\Spybot - Search & Destroy

2010-03-12 05:43 . 2010-03-12 06:45 -------- d-----w- g:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-05 11:10 . 2010-01-30 18:48 266552 ----a-w- g:\windows\system32\HMIPCore.dll

2010-03-04 03:54 . 2010-03-04 03:54 276648 ----a-w- g:\windows\system32\guard32.dll

2010-03-04 03:54 . 2010-03-04 03:54 86720 ----a-w- g:\windows\system32\drivers\inspect.sys

2010-03-04 03:54 . 2010-03-04 03:54 25160 ----a-w- g:\windows\system32\drivers\cmdhlp.sys

2010-03-04 03:54 . 2010-03-04 03:54 214056 ----a-w- g:\windows\system32\drivers\cmdGuard.sys

2010-03-04 03:54 . 2010-03-04 03:54 15376 ----a-w- g:\windows\system32\drivers\cmderd.sys

2010-03-01 07:47 . 2010-03-01 07:47 -------- d-----w- g:\program files\ABF software

2010-02-26 15:41 . 2010-02-26 15:41 -------- d-----w- g:\program files\Common Files\Skype

2010-02-23 01:54 . 2010-02-23 01:54 84480 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.66.0A.dll

2010-02-22 06:43 . 2010-02-22 06:43 84480 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.64.0A.dll

2010-02-21 05:33 . 2008-04-14 08:09 14592 -c--a-w- g:\windows\system32\dllcache\kbdhid.sys

2010-02-21 05:33 . 2008-04-14 08:09 14592 ----a-w- g:\windows\system32\drivers\kbdhid.sys

2010-02-21 05:31 . 2010-02-21 05:31 -------- d-----w- g:\program files\Common Files\Logitech

2010-02-21 05:31 . 2010-02-21 05:31 -------- d-----w- g:\program files\Logitech

2010-02-19 20:47 . 2010-02-19 21:24 401408 ------w- g:\windows\Setup1.exe

2010-02-19 20:46 . 2010-02-19 21:24 73216 ----a-w- g:\windows\ST6UNST.EXE

2010-02-18 17:02 . 2006-11-11 10:25 66944 ----a-w- g:\windows\system32\drivers\thdudf.sys

2010-02-18 17:02 . 2009-11-19 16:53 5632 ----a-w- g:\windows\system32\drivers\copyhddvdhlp.sys

2010-02-18 17:02 . 2009-11-18 23:32 42496 ----a-w- g:\windows\system32\ElbyHlper.dll

2010-02-18 17:02 . 2009-11-18 22:15 90112 ----a-w- g:\windows\system32\ElbyCDI0.dll

2010-02-18 17:02 . 2009-11-12 03:22 104512 ----a-w- g:\windows\system32\drivers\dvdhlp.sys

2010-02-18 17:02 . 2009-10-18 07:45 29864 ----a-w- g:\windows\system32\drivers\ElbyCDI0.sys

2010-02-17 19:02 . 2010-02-17 19:02 95315 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6b7469.exe

2010-02-17 19:02 . 2010-02-17 19:02 61203 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_73377782.exe

2010-02-17 19:02 . 2010-02-17 19:02 57332 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4afe4714.exe

2010-02-17 19:02 . 2010-02-17 19:02 53559 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6e1e65.exe

2010-02-17 19:02 . 2010-02-17 19:02 53394 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a724862.exe

2010-02-17 19:02 . 2010-02-17 19:02 46502 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_76c33809.exe

2010-02-17 19:02 . 2010-02-17 19:02 3638 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_5366915.exe

2010-02-17 19:02 . 2010-02-17 19:02 14846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a75725e.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 02:15 . 2009-06-30 13:04 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\Skype

2010-03-13 01:12 . 2009-06-30 13:07 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\skypePM

2010-03-12 18:22 . 2009-06-30 12:50 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\MSN6

2010-03-12 12:32 . 2009-07-02 12:48 -------- d-----w- g:\program files\WinClamAVShield

2010-03-12 12:32 . 2009-07-02 12:47 -------- d-----w- g:\documents and settings\All Users\Application Data\Spyware Terminator

2010-03-12 07:56 . 2009-06-30 10:29 -------- d-----w- g:\program files\Asistente Prodigy

2010-03-12 07:14 . 2009-06-30 11:50 -------- d-----w- g:\documents and settings\All Users\Application Data\Comodo

2010-03-12 07:03 . 2009-06-30 11:49 -------- d-----w- g:\program files\COMODO

2010-03-12 02:21 . 2009-07-02 12:47 -------- d-----w- g:\program files\Spyware Terminator

2010-03-10 21:56 . 2009-07-02 12:47 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\Spyware Terminator

2010-03-09 21:23 . 2009-07-03 13:48 1 ----a-w- g:\documents and settings\K. Albert 2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-09 04:57 . 2009-07-02 12:03 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\uTorrent

2010-03-06 06:18 . 2009-07-02 12:53 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware

2010-03-04 15:23 . 2009-11-27 11:22 117760 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-04 15:20 . 2009-08-18 21:13 5115824 ----a-w- g:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-28 06:10 . 2009-07-03 10:59 -------- d-----w- g:\program files\PokerStars

2010-02-26 15:41 . 2009-12-04 14:10 -------- d-----r- g:\program files\Skype

2010-02-23 01:54 . 2009-11-13 00:24 -------- d-----w- g:\program files\SystemRequirementsLab

2010-02-23 01:54 . 2009-12-30 12:26 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\SystemRequirementsLab

2010-02-22 09:30 . 2009-07-02 17:28 -------- d-----w- g:\program files\Common Files\Adobe

2010-02-17 03:56 . 2009-06-30 09:48 24888 ----a-w- g:\documents and settings\K. Albert 2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-11 09:09 . 2010-02-08 08:30 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\Roxio

2010-02-10 02:55 . 2010-02-10 02:55 214816 ----a-w- g:\windows\system32\PnkBstrB.exe

2010-02-10 02:54 . 2010-02-10 02:54 75064 ----a-w- g:\windows\system32\PnkBstrA.exe

2010-02-09 07:05 . 2009-06-30 13:03 -------- d-----w- g:\program files\Google

2010-02-08 08:26 . 2010-02-08 08:22 -------- d-----w- g:\program files\Common Files\Roxio Shared

2010-02-06 22:42 . 2010-02-06 22:42 52224 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-04 18:01 . 2010-02-06 07:21 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll

2010-02-04 18:01 . 2010-02-06 07:21 528216 ----a-w- g:\windows\system32\XAudio2_6.dll

2010-02-04 18:01 . 2010-02-06 07:21 238936 ----a-w- g:\windows\system32\xactengine3_6.dll

2010-02-04 18:01 . 2010-02-06 07:21 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll

2010-02-03 16:55 . 2010-02-03 16:54 -------- d-----w- g:\program files\TuneUp Utilities 2010

2010-02-03 16:54 . 2010-02-03 16:54 -------- d-----w- g:\documents and settings\K. Albert 2\Application Data\TuneUp Software

2010-02-03 16:54 . 2010-02-03 16:53 -------- d-----w- g:\documents and settings\All Users\Application Data\TuneUp Software

2010-02-03 16:53 . 2010-02-03 16:53 -------- d-sh--w- g:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-01-29 01:15 . 2010-01-29 01:15 150016 ------w- g:\documents and settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_wide.dll

2010-01-29 01:15 . 2010-01-29 01:15 148992 ------w- g:\documents and settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_fly.dll

2010-01-29 01:15 . 2010-01-29 01:15 123392 ------w- g:\documents and settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\msndupd.exe

2010-01-29 01:14 . 2010-01-29 01:14 390144 ------w- g:\documents and settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\txsrvc.dll

2010-01-29 01:14 . 2010-01-29 01:14 476672 ------w- g:\documents and settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\unicows.dll

2010-01-29 01:14 . 2010-01-29 01:14 142848 ------w- g:\documents and settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\sbwebext.dll

2010-01-16 16:44 . 2009-12-10 09:58 -------- d-----w- g:\documents and settings\All Users\Application Data\SpinTop Games

2010-01-16 09:48 . 2009-07-05 09:55 138 ----a-w- g:\windows\popcinfo.dat

2010-01-14 23:08 . 2009-12-03 22:30 59664 ----a-w- g:\windows\system32\drivers\TfSysMon.sys

2010-01-14 23:08 . 2009-12-03 22:30 33552 ----a-w- g:\windows\system32\drivers\TfNetMon.sys

2010-01-14 23:08 . 2009-12-03 22:30 51984 ----a-w- g:\windows\system32\drivers\TfFsMon.sys

2010-01-14 18:27 . 2010-01-14 18:27 -------- d-----w- g:\program files\Microsoft Research

2010-01-14 10:58 . 2010-01-14 10:58 421888 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll

2010-01-14 10:58 . 2010-01-14 10:58 225280 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll

2010-01-14 10:54 . 2010-01-14 10:54 290941 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll

2010-01-14 10:54 . 2010-01-14 10:54 139264 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll

2010-01-14 10:54 . 2010-01-14 10:54 114688 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll

2010-01-14 10:52 . 2010-01-14 10:52 262416 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll

2010-01-14 10:52 . 2010-01-14 10:52 655360 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll

2010-01-14 10:52 . 2010-01-14 10:52 266512 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll

2010-01-14 10:52 . 2010-01-14 10:52 679936 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\transition_septgao_09.04686bb06cfe59ecb3f271eb95218422.dll

2010-01-14 10:52 . 2010-01-14 10:52 254224 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll

2010-01-14 10:52 . 2010-01-14 10:52 679936 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll

2010-01-14 10:52 . 2010-01-14 10:52 679936 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll

2010-01-14 10:41 . 2010-01-14 10:41 114960 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll

2010-01-14 10:41 . 2010-01-14 10:41 204905 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll

2010-01-14 10:40 . 2010-01-14 10:40 618496 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_wealthspa.a58c586ab4d974ea2d4142fb4d851c2b.dll

2010-01-14 10:38 . 2010-01-14 10:38 1040384 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_septgao_09.02b3e0bc2a35757d7c030659fd21c70a.dll

2010-01-14 10:33 . 2010-01-14 10:33 32768 ----a-w- g:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll

2010-01-08 00:07 . 2009-07-02 12:53 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07 . 2009-07-02 12:53 19160 ----a-w- g:\windows\system32\drivers\mbam.sys

2009-12-30 12:26 . 2009-12-30 12:26 138240 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2009-12-30 12:26 . 2009-12-30 12:26 138240 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2009-12-30 12:26 . 2009-12-30 12:26 138240 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2009-12-30 12:26 . 2009-12-30 12:26 138240 ----a-w- g:\documents and settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm16_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm15_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm14_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm13_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm12_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm1_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm17_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22 . 2009-12-15 06:22 4846 ----a-r- g:\documents and settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm11_627EAB2DF5AE4815AD8E79129D7959E7.exe

.

------- Sigcheck -------

[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\dllcache\atapi.sys

[-] 2008-04-14 07:10 . 448B0956BF68F4B854173FFCBCAEE282 . 96512 . . [------] . . g:\windows\system32\drivers\atapi.sys

[-] 2008-08-27 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . g:\windows\system32\drivers\tcpip.sys

[-] 2008-08-27 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . g:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="g:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"swg"="g:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-30 39408]

"SpywareTerminatorUpdate"="g:\progra~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-02 3055616]

"Registry Cleaner Scheduler"="h:\program files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-11-23 471650]

"SUPERAntiSpyware"="h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912]

"Skype"="g:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]

"FreeRAM XP"="g:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2009-07-02 1591808]

"SpybotSD TeaTimer"="g:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dell Performance USB keyboard hotkey blocker"="g:\program files\Dell\USBKEYBLCK\USBKeyBlock.exe" [2002-12-02 53248]

"tsnpstd3"="g:\windows\tsnpstd3.exe" [2006-07-07 262144]

"snpstd3"="g:\windows\vsnpstd3.exe" [2006-09-19 827392]

"SpywareTerminator"="g:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-02 2173440]

"WheelMouse"="g:\program files\Mouse\Amoumain.exe" [2008-03-19 237568]

"TkBellExe"="g:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-17 198160]

"COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-03-04 1983760]

"SunJavaUpdateSched"="g:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"ThreatFire"="h:\program files\ThreatFire\TFTray.exe" [2010-01-14 378128]

"TweakMASTER"="h:\progra~1\TWEAKM~1\TMTray.exe" [2006-11-27 284712]

"DU Meter"="g:\program files\DU Meter\DUMeter.exe" [2006-11-27 1582616]

"Adobe ARM"="g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"RoxioEngineUtility"="g:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 69632]

"Start WingMan Profiler"="g:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- h:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-12 06:43 12464 ----a-w- g:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=g:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"FreeRAM XP"="g:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"g:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"g:\\Program Files\\uTorrent\\uTorrent.exe"=

"g:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"g:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"g:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"g:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"g:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"g:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 TfFsMon;TfFsMon;g:\windows\system32\drivers\TfFsMon.sys [12/3/2009 2:30 PM 51984]

R0 TfSysMon;TfSysMon;g:\windows\system32\drivers\TfSysMon.sys [12/3/2009 2:30 PM 59664]

R1 DVDHlp;DVDHlp Driver;g:\windows\system32\drivers\dvdhlp.sys [2/18/2010 9:02 AM 104512]

R2 CLPSLS;COMODO livePCsupport Service;g:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/12/2010 7:23 PM 148744]

S0 Lbd;Lbd;g:\windows\system32\DRIVERS\Lbd.sys --> g:\windows\system32\DRIVERS\Lbd.sys [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [3/11/2010 10:42 PM 333192]

S1 AvgTdiX;AVG Free Network Redirector;g:\windows\system32\drivers\avgtdix.sys [3/11/2010 10:43 PM 360584]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\drivers\cmdGuard.sys [3/3/2010 7:54 PM 214056]

S1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\drivers\cmdhlp.sys [3/3/2010 7:54 PM 25160]

S1 CopyHDDVDHlp;CopyHDDVDHlp Driver;g:\windows\system32\drivers\copyhddvdhlp.sys [2/18/2010 9:02 AM 5632]

S1 myWIFIzone;myWIFIzone Driver;g:\windows\system32\drivers\myWIFIzone.sys [12/22/2005 8:45 PM 19712]

S1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 8:43 AM 12872]

S1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 66632]

S1 sp_rsdrv2;Spyware Terminator Driver 2;g:\windows\system32\drivers\sp_rsdrv2.sys [7/2/2009 4:47 AM 142592]

S2 avg9emc;AVG Free E-mail Scanner;g:\program files\AVG\AVG9\avgemc.exe [3/11/2010 10:41 PM 906520]

S2 avg9wd;AVG Free WatchDog;"g:\program files\AVG\AVG9\avgwdsvc.exe" --> g:\program files\AVG\AVG9\avgwdsvc.exe [?]

S2 gupdate;Google Update Service (gupdate);g:\program files\Google\Update\GoogleUpdate.exe [11/8/2009 12:18 AM 135664]

S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;g:\windows\system32\drivers\thdudf.sys [2/18/2010 9:02 AM 66944]

S2 ThreatFire;ThreatFire;h:\program files\ThreatFire\TFService.exe service --> h:\program files\ThreatFire\TFService.exe service [?]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;g:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [10/30/2009 3:05 PM 1021256]

S2 wwEngineSvc;Window Washer Engine;g:\program files\Webroot\Washer\WasherSvc.exe [7/2/2009 5:55 AM 598856]

S3 ElbyCDI0;ElbyCDI0 Driver;g:\windows\system32\drivers\ElbyCDI0.sys [2/18/2010 9:02 AM 29864]

S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]

S3 HideMyIpSRV;HideMyIpSRV;h:\program files\Hide My IP\HideMyIpSrv.exe [3/5/2010 3:09 AM 2752832]

S3 SASENUM;SASENUM;h:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 12872]

S3 SecureSrv;SecureSrv; [x]

S3 TfNetMon;TfNetMon;g:\windows\system32\drivers\TfNetMon.sys [12/3/2009 2:30 PM 33552]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;g:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;g:\windows\system32\drivers\VBoxNetAdp.sys [11/18/2009 4:27 AM 95376]

S3 VBoxNetFlt;VBoxNetFlt Service;g:\windows\system32\DRIVERS\VBoxNetFlt.sys --> g:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-03-13 g:\windows\Tasks\Automatic troubleshooting.job

- g:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 23:12]

2010-03-13 g:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- g:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 08:18]

2010-03-13 g:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- g:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 08:18]

2010-03-08 g:\windows\Tasks\SmartDefrag.job

- h:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-02-06 23:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

IE: Add to &LinkFox - h:\progra~1\TWEAKM~1\TweakBHO.dll/IESCRIPT

IE: Send To &Bluetooth

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - g:\program files\PokerStars.NET\PokerStarsUpdate.exe

LSP: g:\windows\system32\HMIPCore.dll

LSP: g:\windows\system32\SecureNet.dll

TCP: {17496C10-8644-4DD8-B7DD-9175FE1E9F98} = 192.168.1.254

FF - ProfilePath - g:\documents and settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\

FF - prefs.js: browser.startup.homepage - hxxp://msn.com

FF - plugin: g:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: g:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: g:\program files\New Folder\Netscape6\nppl3260.dll

FF - plugin: g:\program files\New Folder\Netscape6\nprjplug.dll

FF - plugin: g:\program files\New Folder\Netscape6\nprpjplug.dll

FF - plugin: g:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: h:\program files\QuickTime\Plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: accessibility.typeaheadfind - false

FF - user.js: privacy.sanitize.sanitizeOnShutdown - false.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKCU-Run-dbatmsound - g:\documents and settings\K. Albert 2\Local Settings\Application Data\dbatmsound\dbatmsound.dll

HKLM-Run-RoxioDragToDisc - g:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

HKLM-Run-RoxioAudioCentral - g:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

AddRemove-Alawar Games, The Treasures Of Mystery Island, FINAL 1.00 - h:\program files\Games\Alawar Games

AddRemove-AVG9Uninstall - g:\program files\AVG\AVG9\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-12 18:34

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

g:\docume~1\K6575~1.ALB\LOCALS~1\Temp\Perflib_Perfdata_5b0.dat 16384 bytes

scan completed successfully

hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,53,2b,8e,e6,e4,e5,46,a3,b7,ee,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,47,53,2b,8e,e6,e4,e5,46,a3,b7,ee,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(276)

g:\windows\system32\guard32.dll

h:\program files\SUPERAntiSpyware\SASWINLO.dll

g:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(332)

g:\windows\system32\guard32.dll

.

Completion time: 2010-03-12 18:38:22

ComboFix-quarantined-files.txt 2010-03-13 02:38

Pre-Run: 50,715,471,872 bytes free

Post-Run: 50,952,396,800 bytes free

- - End Of File - - 2A6E0D42183141C0068867FF07C467D0


Download RC.ISO

and burn it to a cd as an ISO image.

You may need a burning tool like ISO Recorder

Once you have burned this as an ISO image, insert the CD into the drive, and then restart the computer. Watch for the prompt to "Press any key to boot from cd" and press the spacebar when you see it. You may have to change the boot priority in BIOS Setup to accomplish this...we'll cross that bridge if we get to it.

When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

If you have a dual-boot or multiple-boot computer, select the installation that you want to access from the Recovery Console...by number (usually 1)

When you are prompted to do so, type the Administrator password. If you have not set an administrator password, leave it blank and just press "Enter".

At the Recovery Console command prompt, type ren g:\windows\system32\drivers\atapi.sys atapi.vir then hit enter.

At the next line type this copy g:\windows\system32\dllcache\atapi.sys g:\windows\system32\drivers\ then hit enter.

Then it should say one file(s) copied.

If it does, type exit and the computer will restart.

======================================

If it gets into Windows again, do the following.

Delete the copy of ComboFix you have & download it again from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):

Link 1

Link 2

**IMPORTANT !!! RENAME ComboFix.exe to Commy.exe BEFORE you save it to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[image: Query_RC.gif]

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

To post in next reply:

ComboFix log

Update on how the computer is running

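The Sigcheck block in the log above and the ren/copy repair in the reply above are two halves of one check: the live g:\windows\system32\drivers\atapi.sys has a different MD5 from the copies Windows keeps in dllcache and ReinstallBackups, while keeping the same size and losing its version resource. The script below is an added example written for this thread, not code from ComboFix or from the forum helper. It parses the five Sigcheck lines exactly as they appear in the log (copied here as sample input), flags any protected file whose live copy differs from its reference copy, and emits the same two Recovery Console commands the helper gives. The function and class names (parse_sigcheck, find_mismatches, Mismatch, report) are mine, and the script deliberately does not interpret ComboFix's leading [7]/[-] flag, only the hashes.

```python
"""Parse the 'Sigcheck' block of a ComboFix log, flag protected system files whose
live copy no longer matches the reference copy in dllcache / ReinstallBackups, and
emit the Recovery Console commands that restore the reference copy.

Added example for this thread; not ComboFix's own code.  Line layout taken from
the log above:   [flag] date [time] . MD5 . size . . [version] . . path
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sample input: the five Sigcheck lines copied from the first ComboFix log above.
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . g:\windows\system32\dllcache\atapi.sys
[-] 2008-04-14 07:10 . 448B0956BF68F4B854173FFCBCAEE282 . 96512 . . [------] . . g:\windows\system32\drivers\atapi.sys
[-] 2008-08-27 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625] . . g:\windows\system32\drivers\tcpip.sys
[-] 2008-08-27 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . g:\windows\system32\sfcfiles.dll
"""

LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"                              # ComboFix's own flag, [7] or [-]; not interpreted here
    r"(?P<date>\d{4}-\d{2}-\d{2})(?:\s+\d{2}:\d{2})?\s+\.\s+"  # date, optional time
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+"                   # [------] when the version resource is gone
    r"(?P<path>\S.*?)\s*$"
)

# Directories where Windows keeps its protected reference copies.
REFERENCE_DIRS = ("\\dllcache\\", "\\reinstallbackups\\")


@dataclass
class Entry:
    flag: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_reference(self) -> bool:
        return any(d in self.path.lower() for d in REFERENCE_DIRS)


@dataclass
class Mismatch:
    live: Entry
    reference: Entry

    def notes(self) -> List[str]:
        out = []
        if self.live.size == self.reference.size:
            out.append("size unchanged: patched in place, a size check alone misses it")
        if not self.live.version.strip("-"):
            out.append("version resource missing from live copy")
        return out

    def restore_commands(self) -> List[str]:
        # Recovery Console 'ren' takes a bare new filename, not a full path.
        live_dir = self.live.path.rsplit("\\", 1)[0]
        stem = self.live.name.rsplit(".", 1)[0]
        return [f"ren {self.live.path} {stem}.vir",
                f"copy {self.reference.path} {live_dir}\\"]


def parse_sigcheck(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["flag"], m["md5"].upper(), int(m["size"]),
                                 m["version"], m["path"]))
    return entries


def pick_reference(refs: List[Entry]) -> Entry:
    # Prefer the dllcache copy (SFC's own store) over a driver ReinstallBackups copy.
    return sorted(refs, key=lambda e: "\\dllcache\\" not in e.path.lower())[0]


def find_mismatches(entries: List[Entry]) -> Tuple[List[Mismatch], List[str]]:
    """Return (live copies whose MD5 differs from their reference, paths with no reference in the log)."""
    by_name: Dict[str, List[Entry]] = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)
    mismatches, unreferenced = [], []
    for group in by_name.values():
        refs = [e for e in group if e.is_reference]
        lives = [e for e in group if not e.is_reference]
        if not refs:
            unreferenced.extend(e.path for e in lives)
            continue
        ref = pick_reference(refs)
        mismatches.extend(Mismatch(live, ref) for live in lives if live.md5 != ref.md5)
    return mismatches, unreferenced


def report(text: str = SAMPLE_SIGCHECK) -> str:
    mismatches, unreferenced = find_mismatches(parse_sigcheck(text))
    lines = []
    for m in mismatches:
        lines.append(f"MISMATCH {m.live.path}: live {m.live.md5} != reference {m.reference.md5} ({m.reference.path})")
        lines += [f"  note: {n}" for n in m.notes()]
        lines += [f"  RC> {c}" for c in m.restore_commands()]
    for p in unreferenced:
        lines.append(f"NO REFERENCE in log for {p}: compare against a known-good copy by hand")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Run as-is it reports the single mismatch, atapi.sys, and prints the ren and copy lines for it; tcpip.sys and sfcfiles.dll are listed as having no reference copy in this log, so the script says nothing about whether they are clean. The drive letter in the emitted commands is whatever the log recorded for the running system; the Recovery Console may letter the volumes differently, so check with dir before typing them.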

OK, I burnt a disc and booted my sick computer and when I pressed R for recovery it took me to C:\WINDOWS....I don't have a "C" drive but I tried to type your instructions in there anyway and nothing.. but now I can get on my sick computer in normal mode. It seems most functions are working but I don't want to push it... I know that I can not do a repair of my atapi.sys in the manner you instructed me to do...


Amazing, I can run most everything in normal mode but still cannot run COMBOFIX... Had to run it in "SAFE MODE"

ComboFix 10-03-12.04 - K. Albert 2 03/13/2010 11:10:45.3.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1147 [GMT -8:00]

Running from: G:\Documents and Settings\K. Albert 2\Desktop\commy.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))

.

2010-03-13 08:20:58 . 2010-03-13 08:20:58 3638 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}\_2cd672ae.exe

2010-03-13 08:19:26 . 2010-03-13 08:19:26 -------- d-----w- G:\Program Files\Alex Feinman

2010-03-12 18:22:50 . 2009-10-15 13:10:38 476672 ---h--w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\unicows.dll

2010-03-12 18:22:49 . 2009-10-15 13:10:45 390144 ---h--w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\txsrvc.dll

2010-03-12 18:22:47 . 2009-10-15 13:38:47 131912 ---h--w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\msnupdate.exe

2010-03-12 17:03:16 . 2010-03-12 06:41:36 1007896 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-03-12 17:03:15 . 2010-03-12 06:41:36 1658136 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-03-12 17:03:14 . 2010-03-12 06:41:36 800536 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-03-12 17:03:14 . 2010-03-12 06:41:36 613656 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-03-12 17:00:59 . 2009-10-15 13:11:10 183296 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNCoreFiles.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\custsat.dll

2010-03-12 07:30:04 . 2010-03-12 15:53:33 -------- d-----w- G:\Documents and Settings\All Users\Application Data\MSNDynFiles

2010-03-12 07:23:23 . 2010-03-12 06:42:27 1260800 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgfrw.exe

2010-03-12 07:23:22 . 2010-03-12 06:42:32 3777280 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\setup.exe

2010-03-12 06:58:23 . 2010-03-12 07:03:00 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Comodo Downloader

2010-03-12 06:43:32 . 2010-03-12 07:46:17 -------- d-----w- G:\$AVG

2010-03-12 06:43:02 . 2010-03-12 06:43:02 12464 ----a-w- G:\WINDOWS\system32\avgrsstx.dll

2010-03-12 06:43:00 . 2010-03-12 06:43:00 360584 ----a-w- G:\WINDOWS\system32\drivers\avgtdix.sys

2010-03-12 06:42:47 . 2010-03-12 06:42:48 333192 ----a-w- G:\WINDOWS\system32\drivers\avgldx86.sys

2010-03-12 06:42:47 . 2010-03-12 06:42:47 28424 ----a-w- G:\WINDOWS\system32\drivers\avgmfx86.sys

2010-03-12 06:42:43 . 2010-03-12 06:42:46 -------- d-----w- G:\WINDOWS\system32\drivers\Avg

2010-03-12 06:41:30 . 2010-03-12 06:41:30 -------- d-----w- G:\Program Files\AVG

2010-03-12 06:41:26 . 2010-03-12 06:41:30 -------- d-----w- G:\Documents and Settings\All Users\Application Data\avg9

2010-03-12 05:43:25 . 2010-03-12 06:48:02 -------- d-----w- G:\Program Files\Spybot - Search & Destroy

2010-03-12 05:43:25 . 2010-03-12 06:45:19 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-05 11:10:52 . 2010-01-30 18:48:22 266552 ----a-w- G:\WINDOWS\system32\HMIPCore.dll

2010-03-04 03:54:42 . 2010-03-04 03:54:42 276648 ----a-w- G:\WINDOWS\system32\guard32.dll

2010-03-04 03:54:16 . 2010-03-04 03:54:16 86720 ----a-w- G:\WINDOWS\system32\drivers\inspect.sys

2010-03-04 03:54:14 . 2010-03-04 03:54:14 25160 ----a-w- G:\WINDOWS\system32\drivers\cmdhlp.sys

2010-03-04 03:54:14 . 2010-03-04 03:54:14 214056 ----a-w- G:\WINDOWS\system32\drivers\cmdGuard.sys

2010-03-04 03:54:12 . 2010-03-04 03:54:12 15376 ----a-w- G:\WINDOWS\system32\drivers\cmderd.sys

2010-03-01 07:47:31 . 2010-03-01 07:47:31 -------- d-----w- G:\Program Files\ABF software

2010-02-26 15:41:33 . 2010-02-26 15:41:33 -------- d-----w- G:\Program Files\Common Files\Skype

2010-02-23 01:54:03 . 2010-02-23 01:54:03 84480 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.66.0A.dll

2010-02-22 06:43:11 . 2010-02-22 06:43:11 84480 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.64.0A.dll

2010-02-21 05:33:21 . 2008-04-14 08:09:50 14592 -c--a-w- G:\WINDOWS\system32\dllcache\kbdhid.sys

2010-02-21 05:33:21 . 2008-04-14 08:09:50 14592 ----a-w- G:\WINDOWS\system32\drivers\kbdhid.sys

2010-02-21 05:31:56 . 2010-02-21 05:31:57 -------- d-----w- G:\Program Files\Common Files\Logitech

2010-02-21 05:31:54 . 2010-02-21 05:31:54 -------- d-----w- G:\Program Files\Logitech

2010-02-19 20:47:05 . 2010-02-19 21:24:38 401408 ------w- G:\WINDOWS\Setup1.exe

2010-02-19 20:46:57 . 2010-02-19 21:24:35 73216 ----a-w- G:\WINDOWS\ST6UNST.EXE

2010-02-18 17:02:39 . 2006-11-11 10:25:20 66944 ----a-w- G:\WINDOWS\system32\drivers\thdudf.sys

2010-02-18 17:02:37 . 2009-11-19 16:53:36 5632 ----a-w- G:\WINDOWS\system32\drivers\copyhddvdhlp.sys

2010-02-18 17:02:37 . 2009-11-18 23:32:54 42496 ----a-w- G:\WINDOWS\system32\ElbyHlper.dll

2010-02-18 17:02:37 . 2009-11-18 22:15:54 90112 ----a-w- G:\WINDOWS\system32\ElbyCDI0.dll

2010-02-18 17:02:37 . 2009-11-12 03:22:04 104512 ----a-w- G:\WINDOWS\system32\drivers\dvdhlp.sys

2010-02-18 17:02:37 . 2009-10-18 07:45:56 29864 ----a-w- G:\WINDOWS\system32\drivers\ElbyCDI0.sys

2010-02-17 19:02:23 . 2010-02-17 19:02:23 95315 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6b7469.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 61203 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_73377782.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 57332 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4afe4714.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 53559 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6e1e65.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 53394 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a724862.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 46502 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_76c33809.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 3638 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_5366915.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 14846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a75725e.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 18:33:23 . 2009-06-30 13:04:01 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Skype

2010-03-13 16:04:43 . 2009-06-30 13:07:47 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\skypePM

2010-03-13 12:06:14 . 2009-07-02 12:48:23 -------- d-----w- G:\Program Files\WinClamAVShield

2010-03-12 18:22:50 . 2009-06-30 12:50:56 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6

2010-03-12 12:32:14 . 2009-07-02 12:47:03 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Spyware Terminator

2010-03-12 07:56:50 . 2009-06-30 10:29:48 -------- d-----w- G:\Program Files\Asistente Prodigy

2010-03-12 07:14:31 . 2009-06-30 11:50:01 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Comodo

2010-03-12 07:03:04 . 2009-06-30 11:49:56 -------- d-----w- G:\Program Files\COMODO

2010-03-12 02:21:10 . 2009-07-02 12:47:03 -------- d-----w- G:\Program Files\Spyware Terminator

2010-03-10 21:56:11 . 2009-07-02 12:47:07 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Spyware Terminator

2010-03-09 21:23:29 . 2009-07-03 13:48:30 1 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-09 04:57:55 . 2009-07-02 12:03:41 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\uTorrent

2010-03-06 06:18:29 . 2009-07-02 12:53:48 -------- d-----w- G:\Program Files\Malwarebytes' Anti-Malware

2010-03-04 15:23:28 . 2009-11-27 11:22:01 117760 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-04 15:20:10 . 2009-08-18 21:13:57 5115824 ----a-w- G:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-28 06:10:57 . 2009-07-03 10:59:56 -------- d-----w- G:\Program Files\PokerStars

2010-02-26 15:41:31 . 2009-12-04 14:10:55 -------- d-----r- G:\Program Files\Skype

2010-02-23 01:54:15 . 2009-11-13 00:24:14 -------- d-----w- G:\Program Files\SystemRequirementsLab

2010-02-23 01:54:03 . 2009-12-30 12:26:22 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab

2010-02-22 09:30:11 . 2009-07-02 17:28:11 -------- d-----w- G:\Program Files\Common Files\Adobe

2010-02-17 03:56:38 . 2009-06-30 09:48:38 24888 ----a-w- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-11 09:09:45 . 2010-02-08 08:30:40 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Roxio

2010-02-10 02:55:03 . 2010-02-10 02:55:08 214816 ----a-w- G:\WINDOWS\system32\PnkBstrB.exe

2010-02-10 02:54:55 . 2010-02-10 02:54:55 75064 ----a-w- G:\WINDOWS\system32\PnkBstrA.exe

2010-02-09 07:05:31 . 2009-06-30 13:03:51 -------- d-----w- G:\Program Files\Google

2010-02-08 08:26:33 . 2010-02-08 08:22:09 -------- d-----w- G:\Program Files\Common Files\Roxio Shared

2010-02-06 22:42:30 . 2010-02-06 22:42:30 52224 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:41 74072 ----a-w- G:\WINDOWS\system32\XAPOFX1_4.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:41 528216 ----a-w- G:\WINDOWS\system32\XAudio2_6.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:40 238936 ----a-w- G:\WINDOWS\system32\xactengine3_6.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:39 22360 ----a-w- G:\WINDOWS\system32\X3DAudio1_7.dll

2010-02-03 17:00:03 . 2010-02-03 17:00:03 -------- d-----w- G:\Documents and Settings\LocalService\Application Data\TuneUp Software

2010-02-03 16:55:20 . 2010-02-03 16:54:20 -------- d-----w- G:\Program Files\TuneUp Utilities 2010

2010-02-03 16:54:47 . 2010-02-03 16:54:47 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\TuneUp Software

2010-02-03 16:54:25 . 2010-02-03 16:53:56 -------- d-----w- G:\Documents and Settings\All Users\Application Data\TuneUp Software

2010-02-03 16:53:39 . 2010-02-03 16:53:39 -------- d-sh--w- G:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-01-29 01:15:22 . 2010-01-29 01:15:22 150016 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_wide.dll

2010-01-29 01:15:22 . 2010-01-29 01:15:22 148992 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_fly.dll

2010-01-29 01:15:22 . 2010-01-29 01:15:22 123392 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\msndupd.exe

2010-01-29 01:14:30 . 2010-01-29 01:14:30 390144 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\txsrvc.dll

2010-01-29 01:14:24 . 2010-01-29 01:14:24 476672 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\unicows.dll

2010-01-29 01:14:22 . 2010-01-29 01:14:22 142848 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\sbwebext.dll

2010-01-16 16:44:33 . 2009-12-10 09:58:23 -------- d-----w- G:\Documents and Settings\All Users\Application Data\SpinTop Games

2010-01-16 09:48:18 . 2009-07-05 09:55:16 138 ----a-w- G:\WINDOWS\popcinfo.dat

2010-01-14 23:08:30 . 2009-12-03 22:30:04 59664 ----a-w- G:\WINDOWS\system32\drivers\TfSysMon.sys

2010-01-14 23:08:29 . 2009-12-03 22:30:04 33552 ----a-w- G:\WINDOWS\system32\drivers\TfNetMon.sys

2010-01-14 23:08:28 . 2009-12-03 22:30:04 51984 ----a-w- G:\WINDOWS\system32\drivers\TfFsMon.sys

2010-01-14 18:27:27 . 2010-01-14 18:27:27 -------- d-----w- G:\Program Files\Microsoft Research

2010-01-14 10:58:41 . 2010-01-14 10:58:41 421888 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll

2010-01-14 10:58:41 . 2010-01-14 10:58:41 225280 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 290941 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 139264 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 114688 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll

2010-01-14 10:52:42 . 2010-01-14 10:52:42 262416 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll

2010-01-14 10:52:40 . 2010-01-14 10:52:40 655360 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll

2010-01-14 10:52:40 . 2010-01-14 10:52:40 266512 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll

2010-01-14 10:52:38 . 2010-01-14 10:52:38 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_septgao_09.04686bb06cfe59ecb3f271eb95218422.dll

2010-01-14 10:52:37 . 2010-01-14 10:52:37 254224 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll

2010-01-14 10:52:36 . 2010-01-14 10:52:36 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll

2010-01-14 10:52:35 . 2010-01-14 10:52:35 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll

2010-01-14 10:41:55 . 2010-01-14 10:41:55 114960 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll

2010-01-14 10:41:17 . 2010-01-14 10:41:17 204905 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll

2010-01-14 10:40:14 . 2010-01-14 10:40:14 618496 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2_wealthspa.a58c586ab4d974ea2d4142fb4d851c2b.dll

2010-01-14 10:38:58 . 2010-01-14 10:38:58 1040384 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_septgao_09.02b3e0bc2a35757d7c030659fd21c70a.dll

2010-01-14 10:33:48 . 2010-01-14 10:33:48 32768 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll

2010-01-08 00:07:14 . 2009-07-02 12:53:50 38224 ----a-w- G:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07:04 . 2009-07-02 12:53:48 19160 ----a-w- G:\WINDOWS\system32\drivers\mbam.sys

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm16_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm15_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm14_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm13_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm12_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm1_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:43 . 2009-12-15 06:22:43 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm17_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:43 . 2009-12-15 06:22:43 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm11_627EAB2DF5AE4815AD8E79129D7959E7.exe

.

------- Sigcheck -------

[7] 2008-04-14 12:00:00 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . G:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

[7] 2008-04-14 07:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . G:\WINDOWS\system32\dllcache\atapi.sys

[-] 2008-04-14 07:10:32 . 448B0956BF68F4B854173FFCBCAEE282 . 96512 . . [------] . . G:\WINDOWS\system32\drivers\atapi.sys

[-] 2008-08-27 13:16:31 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . G:\WINDOWS\system32\drivers\tcpip.sys

[-] 2008-08-27 15:12:05 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . G:\WINDOWS\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-03-13_02.34.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-13 08:19:38 . 2010-03-13 08:19:38 133632 G:\WINDOWS\Installer\11ade22.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="G:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 23:44:34 3883856]

"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-30 13:04:52 39408]

"SpywareTerminatorUpdate"="G:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-02 12:47:07 3055616]

"Registry Cleaner Scheduler"="H:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-11-23 11:12:05 471650]

"SUPERAntiSpyware"="H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 21:22:41 2012912]

"Skype"="G:\Program Files\Skype\Phone\Skype.exe" [2010-02-22 20:42:40 26101032]

"FreeRAM XP"="G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2009-07-02 11:56:18 1591808]

"SpybotSD TeaTimer"="G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 00:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Dell Performance USB keyboard hotkey blocker"="G:\Program Files\Dell\USBKEYBLCK\USBKeyBlock.exe" [2002-12-02 20:54:32 53248]

"tsnpstd3"="G:\WINDOWS\tsnpstd3.exe" [2006-07-07 22:04:56 262144]

"snpstd3"="G:\WINDOWS\vsnpstd3.exe" [2006-09-19 16:07:28 827392]

"SpywareTerminator"="G:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-02 12:47:07 2173440]

"WheelMouse"="G:\Program Files\Mouse\Amoumain.exe" [2008-03-19 15:04:56 237568]

"TkBellExe"="G:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-08-17 08:10:14 198160]

"COMODO Internet Security"="G:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2010-03-04 03:54:32 1983760]

"SunJavaUpdateSched"="G:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 12:17:36 149280]

"QuickTime Task"="H:\Program Files\QuickTime\qttask.exe" [2009-09-05 09:54:42 417792]

"ThreatFire"="H:\Program Files\ThreatFire\TFTray.exe" [2010-01-14 23:08:16 378128]

"TweakMASTER"="H:\PROGRA~1\TWEAKM~1\TMTray.exe" [2006-11-27 23:26:28 284712]

"DU Meter"="G:\Program Files\DU Meter\DUMeter.exe" [2006-11-27 23:19:10 1582616]

"Adobe ARM"="G:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 23:57:56 948672]

"RoxioEngineUtility"="G:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 13:31:24 69632]

"Start WingMan Profiler"="G:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 05:14:48 153608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 11:32:48 128512]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "H:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21:42 548352 ----a-w- H:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-12 06:43:02 12464 ----a-w- G:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=G:\WINDOWS\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"FreeRAM XP"="G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"G:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"G:\\Program Files\\uTorrent\\uTorrent.exe"=

"G:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"G:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"G:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"G:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"G:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 TfFsMon;TfFsMon;G:\WINDOWS\system32\drivers\TfFsMon.sys [12/3/2009 2:30:04 PM 51984]

R0 TfSysMon;TfSysMon;G:\WINDOWS\system32\drivers\TfSysMon.sys [12/3/2009 2:30:04 PM 59664]

R1 DVDHlp;DVDHlp Driver;G:\WINDOWS\system32\drivers\dvdhlp.sys [2/18/2010 9:02:37 AM 104512]

R2 CLPSLS;COMODO livePCsupport Service;G:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/12/2010 7:23:32 PM 148744]

S0 Lbd;Lbd;G:\WINDOWS\system32\DRIVERS\Lbd.sys --> G:\WINDOWS\system32\DRIVERS\Lbd.sys [?]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;G:\WINDOWS\system32\drivers\avgldx86.sys [3/11/2010 10:42:47 PM 333192]

S1 AvgTdiX;AVG Free Network Redirector;G:\WINDOWS\system32\drivers\avgtdix.sys [3/11/2010 10:43:00 PM 360584]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;G:\WINDOWS\system32\drivers\cmdGuard.sys [3/3/2010 7:54:14 PM 214056]

S1 cmdHlp;COMODO Internet Security Helper Driver;G:\WINDOWS\system32\drivers\cmdhlp.sys [3/3/2010 7:54:14 PM 25160]

S1 CopyHDDVDHlp;CopyHDDVDHlp Driver;G:\WINDOWS\system32\drivers\copyhddvdhlp.sys [2/18/2010 9:02:37 AM 5632]

S1 myWIFIzone;myWIFIzone Driver;G:\WINDOWS\system32\drivers\myWIFIzone.sys [12/22/2005 8:45:40 PM 19712]

S1 SASDIFSV;SASDIFSV;H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [11/23/2009 8:43:30 AM 12872]

S1 SASKUTIL;SASKUTIL;H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43:28 AM 66632]

S1 sp_rsdrv2;Spyware Terminator Driver 2;G:\WINDOWS\system32\drivers\sp_rsdrv2.sys [7/2/2009 4:47:07 AM 142592]

S2 avg9emc;AVG Free E-mail Scanner;G:\Program Files\AVG\AVG9\avgemc.exe [3/11/2010 10:41:35 PM 906520]

S2 avg9wd;AVG Free WatchDog;"G:\Program Files\AVG\AVG9\avgwdsvc.exe" --> G:\Program Files\AVG\AVG9\avgwdsvc.exe [?]

S2 gupdate;Google Update Service (gupdate);G:\Program Files\Google\Update\GoogleUpdate.exe [11/8/2009 12:18:51 AM 135664]

S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;G:\WINDOWS\system32\drivers\thdudf.sys [2/18/2010 9:02:39 AM 66944]

S2 ThreatFire;ThreatFire;H:\Program Files\ThreatFire\TFService.exe service --> H:\Program Files\ThreatFire\TFService.exe service [?]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;G:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [10/30/2009 3:05:48 PM 1021256]

S2 wwEngineSvc;Window Washer Engine;G:\Program Files\Webroot\Washer\WasherSvc.exe [7/2/2009 5:55:27 AM 598856]

S3 ElbyCDI0;ElbyCDI0 Driver;G:\WINDOWS\system32\drivers\ElbyCDI0.sys [2/18/2010 9:02:37 AM 29864]

S3 FXDrv32;FXDrv32;\??\E:\FXDrv32.sys --> E:\FXDrv32.sys [?]

S3 HideMyIpSRV;HideMyIpSRV;H:\Program Files\Hide My IP\HideMyIpSrv.exe [3/5/2010 3:09:52 AM 2752832]

S3 SASENUM;SASENUM;H:\Program Files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43:30 AM 12872]

S3 SecureSrv;SecureSrv; [x]

S3 TfNetMon;TfNetMon;G:\WINDOWS\system32\drivers\TfNetMon.sys [12/3/2009 2:30:04 PM 33552]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;G:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24:44 AM 10064]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;G:\WINDOWS\system32\drivers\VBoxNetAdp.sys [11/18/2009 4:27:44 AM 95376]

S3 VBoxNetFlt;VBoxNetFlt Service;G:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys --> G:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

Contents of the 'Scheduled Tasks' folder

2010-03-13 G:\WINDOWS\Tasks\Automatic troubleshooting.job

- G:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-10-30 23:12:24 . 2009-10-30 23:12:24]

2010-03-13 G:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- G:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-08 08:18:51 . 2009-11-08 08:18:41]

2010-03-13 G:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- G:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-08 08:18:51 . 2009-11-08 08:18:41]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.msn.com

IE: Add to &LinkFox - H:\PROGRA~1\TWEAKM~1\TweakBHO.dll/IESCRIPT

IE: Send To &Bluetooth

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - G:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

LSP: G:\WINDOWS\system32\HMIPCore.dll

LSP: G:\WINDOWS\system32\SecureNet.dll

TCP: {17496C10-8644-4DD8-B7DD-9175FE1E9F98} = 192.168.1.254

FF - ProfilePath - G:\Documents and Settings\K. Albert 2\Application Data\Mozilla\Firefox\Profiles\7m79505x.default\

FF - prefs.js: browser.startup.homepage - hxxp://msn.com

FF - plugin: G:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: G:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: G:\Program Files\New Folder\Netscape6\nppl3260.dll

FF - plugin: G:\Program Files\New Folder\Netscape6\nprjplug.dll

FF - plugin: G:\Program Files\New Folder\Netscape6\nprpjplug.dll

FF - plugin: G:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: H:\Program Files\QuickTime\Plugins\npqtplugin2.dll

FF - plugin: H:\Program Files\QuickTime\Plugins\npqtplugin3.dll

FF - plugin: H:\Program Files\QuickTime\Plugins\npqtplugin4.dll

FF - plugin: H:\Program Files\QuickTime\Plugins\npqtplugin5.dll

FF - plugin: H:\Program Files\QuickTime\Plugins\npqtplugin6.dll

FF - plugin: H:\Program Files\QuickTime\Plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - G:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: accessibility.typeaheadfind - false

FF - user.js: privacy.sanitize.sanitizeOnShutdown - false.


The last ComboFix was cut off at the end. That's OK. I looked at the first log.

  • Close any open browsers.
  • Open Notepad: click Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and paste everything from the Code box into Notepad:

KILLALL::

File::
g:\documents and settings\K. Albert 2\Application Data\uTorrent

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"G:\\Program Files\\uTorrent\\uTorrent.exe"=-

FCopy::
g:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys |g:\WINDOWS\system32\drivers\atapi.sys

Save the file to your desktop and name it CFScript.txt

Then drag CFScript.txt onto ComboFix.exe as shown in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

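The Sigcheck block in the log above is the evidence behind the helper's FCopy:: line: the live G:\WINDOWS\system32\drivers\atapi.sys carries a different MD5 from the copies in dllcache and ReinstallBackups, yet has the same 96512-byte size and no version resource ([------]), which is what a driver patched in place rather than replaced looks like. The script below is an added example written for this thread (it is not part of the original posts and not ComboFix code) that automates that reading: it parses the Sigcheck lines copied from the log, flags any file whose copies disagree on hash, records whether the size still matches and the version resource is gone, and prints the restore pairing in FCopy:: form. The function names are this example's own, and the rule for choosing the trusted hash (the one carried by copies that still have a version resource, majority wins if they disagree) is an assumption of the example.

```python
"""Find an in-place patched driver in a ComboFix Sigcheck section and plan its restore.

Added example for this thread; not part of the original posts and not ComboFix code.
parse_sigcheck, find_patched_drivers and plan_restore are names chosen here.
"""
import re
from collections import Counter, defaultdict

# Sigcheck lines copied from the ComboFix log posted above. The example reads
# only this text; nothing is hashed or copied on the machine running it.
SIGCHECK_LOG = r"""
[7] 2008-04-14 12:00:00 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . G:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[7] 2008-04-14 07:10:32 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512 (xpsp.080413-2108)] . . G:\WINDOWS\system32\dllcache\atapi.sys
[-] 2008-04-14 07:10:32 . 448B0956BF68F4B854173FFCBCAEE282 . 96512 . . [------] . . G:\WINDOWS\system32\drivers\atapi.sys
[-] 2008-08-27 13:16:31 . DF70435F3D17C40D5CB15E6DC918342E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . G:\WINDOWS\system32\drivers\tcpip.sys
[-] 2008-08-27 15:12:05 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512 (xpsp.080413-2111)] . . G:\WINDOWS\system32\sfcfiles.dll
"""

# One Sigcheck line: [flag] timestamp . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\] (?P<ts>\S+ \S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<ver>[^\]]*)\] \. \. (?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Turn Sigcheck lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        # ComboFix prints [------] when the file carries no version resource.
        e["has_version"] = e["ver"].strip("-") != ""
        entries.append(e)
    return entries


def find_patched_drivers(entries):
    """Flag every copy of a file whose MD5 differs from the trusted copies.

    The trusted hash is the one carried by copies that still have a version
    resource (assumption made here: if they disagree, take the majority).
    Same size plus a different hash plus no version resource is the pattern
    of a driver patched in place rather than replaced.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)

    findings = []
    for copies in by_name.values():
        if len(copies) < 2 or len({c["md5"] for c in copies}) < 2:
            continue
        trusted = Counter(c["md5"] for c in copies if c["has_version"])
        if not trusted:
            continue
        ref_md5 = trusted.most_common(1)[0][0]
        ref_size = next(c["size"] for c in copies if c["md5"] == ref_md5)
        for c in copies:
            if c["md5"] != ref_md5:
                findings.append({
                    "path": c["path"],
                    "md5": c["md5"],
                    "reference_md5": ref_md5,
                    "same_size": c["size"] == ref_size,
                    "version_missing": not c["has_version"],
                })
    return findings


def plan_restore(entries, findings):
    """Pair each flagged file with a clean copy, as (source, destination)."""
    plan = []
    for f in findings:
        name = f["path"].rsplit("\\", 1)[-1].lower()
        clean = [e for e in entries
                 if e["name"] == name and e["md5"] == f["reference_md5"]]
        # Any copy with the reference hash is byte-identical; prefer the
        # ReinstallBackups copy to match the FCopy:: line in the thread.
        clean.sort(key=lambda e: "reinstallbackups" not in e["path"].lower())
        plan.append((clean[0]["path"], f["path"]))
    return plan


if __name__ == "__main__":
    found_entries = parse_sigcheck(SIGCHECK_LOG)
    found = find_patched_drivers(found_entries)
    for f in found:
        print(f"PATCHED? {f['path']}  md5={f['md5']}  expected={f['reference_md5']}  "
              f"same_size={f['same_size']}  version_missing={f['version_missing']}")
    for src, dst in plan_restore(found_entries, found):
        print(f"FCopy::\n{src} |{dst}")
```

Run with python3 and it reports the single finding (the live atapi.sys, same size, version resource gone) and prints the same source and destination pair the CFScript above uses. The check worth keeping from this is that the restore source is never taken on faith: a backup copy is only used when its hash is the one the copies with intact version information agree on, so a backup that was itself tampered with would not be copied over the driver. tcpip.sys and sfcfiles.dll appear only once in the section, so the script has nothing to compare them against and stays silent about them.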


ComboFix 10-03-12.04 - K. Albert 2 03/13/2010 15:28:52.4.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1223 [GMT -8:00]

Running from: G:\Documents and Settings\K. Albert 2\Desktop\commy.exe

Command switches used :: G:\Documents and Settings\K. Albert 2\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::

"g:\documents and settings\K. Albert 2\Application Data\uTorrent"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

g:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys --> g:\WINDOWS\system32\drivers\atapi.sys

.

((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))

.

2010-03-13 08:20:58 . 2010-03-13 08:20:58 3638 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{DFC6573E-124D-4026-BFA4-B433C9D3FF21}\_2cd672ae.exe

2010-03-13 08:19:26 . 2010-03-13 08:19:26 -------- d-----w- G:\Program Files\Alex Feinman

2010-03-12 18:22:50 . 2009-10-15 13:10:38 476672 ---h--w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\unicows.dll

2010-03-12 18:22:49 . 2009-10-15 13:10:45 390144 ---h--w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\txsrvc.dll

2010-03-12 18:22:47 . 2009-10-15 13:38:47 131912 ---h--w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\msnupdate.exe

2010-03-12 17:03:16 . 2010-03-12 06:41:36 1007896 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-03-12 17:03:15 . 2010-03-12 06:41:36 1658136 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-03-12 17:03:14 . 2010-03-12 06:41:36 800536 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avginet.dll

2010-03-12 17:03:14 . 2010-03-12 06:41:36 613656 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe

2010-03-12 17:00:59 . 2009-10-15 13:11:10 183296 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNCoreFiles.NEW.{9D6EAA4F-27B2-4407-AC72-4BBD2FCB6ED1}\custsat.dll

2010-03-12 07:30:04 . 2010-03-12 15:53:33 -------- d-----w- G:\Documents and Settings\All Users\Application Data\MSNDynFiles

2010-03-12 07:23:23 . 2010-03-12 06:42:27 1260800 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\avgfrw.exe

2010-03-12 07:23:22 . 2010-03-12 06:42:32 3777280 ----a-w- G:\Documents and Settings\All Users\Application Data\avg9\update\backup\setup.exe

2010-03-12 06:58:23 . 2010-03-12 07:03:00 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Comodo Downloader

2010-03-12 06:43:32 . 2010-03-12 07:46:17 -------- d-----w- G:\$AVG

2010-03-12 06:43:02 . 2010-03-12 06:43:02 12464 ----a-w- G:\WINDOWS\system32\avgrsstx.dll

2010-03-12 06:43:00 . 2010-03-12 06:43:00 360584 ----a-w- G:\WINDOWS\system32\drivers\avgtdix.sys

2010-03-12 06:42:47 . 2010-03-12 06:42:48 333192 ----a-w- G:\WINDOWS\system32\drivers\avgldx86.sys

2010-03-12 06:42:47 . 2010-03-12 06:42:47 28424 ----a-w- G:\WINDOWS\system32\drivers\avgmfx86.sys

2010-03-12 06:42:43 . 2010-03-12 06:42:46 -------- d-----w- G:\WINDOWS\system32\drivers\Avg

2010-03-12 06:41:30 . 2010-03-12 06:41:30 -------- d-----w- G:\Program Files\AVG

2010-03-12 06:41:26 . 2010-03-12 06:41:30 -------- d-----w- G:\Documents and Settings\All Users\Application Data\avg9

2010-03-12 05:43:25 . 2010-03-12 06:48:02 -------- d-----w- G:\Program Files\Spybot - Search & Destroy

2010-03-12 05:43:25 . 2010-03-12 06:45:19 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2010-03-05 11:10:52 . 2010-01-30 18:48:22 266552 ----a-w- G:\WINDOWS\system32\HMIPCore.dll

2010-03-04 03:54:42 . 2010-03-04 03:54:42 276648 ----a-w- G:\WINDOWS\system32\guard32.dll

2010-03-04 03:54:16 . 2010-03-04 03:54:16 86720 ----a-w- G:\WINDOWS\system32\drivers\inspect.sys

2010-03-04 03:54:14 . 2010-03-04 03:54:14 25160 ----a-w- G:\WINDOWS\system32\drivers\cmdhlp.sys

2010-03-04 03:54:14 . 2010-03-04 03:54:14 214056 ----a-w- G:\WINDOWS\system32\drivers\cmdGuard.sys

2010-03-04 03:54:12 . 2010-03-04 03:54:12 15376 ----a-w- G:\WINDOWS\system32\drivers\cmderd.sys

2010-03-01 07:47:31 . 2010-03-01 07:47:31 -------- d-----w- G:\Program Files\ABF software

2010-02-26 15:41:33 . 2010-02-26 15:41:33 -------- d-----w- G:\Program Files\Common Files\Skype

2010-02-23 01:54:03 . 2010-02-23 01:54:03 84480 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.66.0A.dll

2010-02-22 06:43:11 . 2010-02-22 06:43:11 84480 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.64.0A.dll

2010-02-21 05:33:21 . 2008-04-14 08:09:50 14592 -c--a-w- G:\WINDOWS\system32\dllcache\kbdhid.sys

2010-02-21 05:33:21 . 2008-04-14 08:09:50 14592 ----a-w- G:\WINDOWS\system32\drivers\kbdhid.sys

2010-02-21 05:31:56 . 2010-02-21 05:31:57 -------- d-----w- G:\Program Files\Common Files\Logitech

2010-02-21 05:31:54 . 2010-02-21 05:31:54 -------- d-----w- G:\Program Files\Logitech

2010-02-19 20:47:05 . 2010-02-19 21:24:38 401408 ------w- G:\WINDOWS\Setup1.exe

2010-02-19 20:46:57 . 2010-02-19 21:24:35 73216 ----a-w- G:\WINDOWS\ST6UNST.EXE

2010-02-18 17:02:39 . 2006-11-11 10:25:20 66944 ----a-w- G:\WINDOWS\system32\drivers\thdudf.sys

2010-02-18 17:02:37 . 2009-11-19 16:53:36 5632 ----a-w- G:\WINDOWS\system32\drivers\copyhddvdhlp.sys

2010-02-18 17:02:37 . 2009-11-18 23:32:54 42496 ----a-w- G:\WINDOWS\system32\ElbyHlper.dll

2010-02-18 17:02:37 . 2009-11-18 22:15:54 90112 ----a-w- G:\WINDOWS\system32\ElbyCDI0.dll

2010-02-18 17:02:37 . 2009-11-12 03:22:04 104512 ----a-w- G:\WINDOWS\system32\drivers\dvdhlp.sys

2010-02-18 17:02:37 . 2009-10-18 07:45:56 29864 ----a-w- G:\WINDOWS\system32\drivers\ElbyCDI0.sys

2010-02-17 19:02:23 . 2010-02-17 19:02:23 95315 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6b7469.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 61203 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_73377782.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 57332 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4afe4714.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 53559 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a6e1e65.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 53394 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a724862.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 46502 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_76c33809.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 3638 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_5366915.exe

2010-02-17 19:02:23 . 2010-02-17 19:02:23 14846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{20648D17-9B1C-42B8-BBFF-DB2D9E5D6908}\_4a75725e.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-13 23:43:37 . 2009-06-30 13:04:01 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Skype

2010-03-13 19:24:22 . 2009-06-30 13:07:47 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\skypePM

2010-03-13 19:23:21 . 2009-07-02 12:47:03 -------- d-----w- G:\Program Files\Spyware Terminator

2010-03-13 12:06:14 . 2009-07-02 12:48:23 -------- d-----w- G:\Program Files\WinClamAVShield

2010-03-12 18:22:50 . 2009-06-30 12:50:56 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6

2010-03-12 12:32:14 . 2009-07-02 12:47:03 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Spyware Terminator

2010-03-12 07:56:50 . 2009-06-30 10:29:48 -------- d-----w- G:\Program Files\Asistente Prodigy

2010-03-12 07:14:31 . 2009-06-30 11:50:01 -------- d-----w- G:\Documents and Settings\All Users\Application Data\Comodo

2010-03-12 07:03:04 . 2009-06-30 11:49:56 -------- d-----w- G:\Program Files\COMODO

2010-03-10 21:56:11 . 2009-07-02 12:47:07 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Spyware Terminator

2010-03-09 21:23:29 . 2009-07-03 13:48:30 1 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-03-09 04:57:55 . 2009-07-02 12:03:41 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\uTorrent

2010-03-06 06:18:29 . 2009-07-02 12:53:48 -------- d-----w- G:\Program Files\Malwarebytes' Anti-Malware

2010-03-04 15:23:28 . 2009-11-27 11:22:01 117760 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-03-04 15:20:10 . 2009-08-18 21:13:57 5115824 ----a-w- G:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2010-02-28 06:10:57 . 2009-07-03 10:59:56 -------- d-----w- G:\Program Files\PokerStars

2010-02-26 15:41:31 . 2009-12-04 14:10:55 -------- d-----r- G:\Program Files\Skype

2010-02-23 01:54:15 . 2009-11-13 00:24:14 -------- d-----w- G:\Program Files\SystemRequirementsLab

2010-02-23 01:54:03 . 2009-12-30 12:26:22 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab

2010-02-22 09:30:11 . 2009-07-02 17:28:11 -------- d-----w- G:\Program Files\Common Files\Adobe

2010-02-17 03:56:38 . 2009-06-30 09:48:38 24888 ----a-w- G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-02-11 09:09:45 . 2010-02-08 08:30:40 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\Roxio

2010-02-10 02:55:03 . 2010-02-10 02:55:08 214816 ----a-w- G:\WINDOWS\system32\PnkBstrB.exe

2010-02-10 02:54:55 . 2010-02-10 02:54:55 75064 ----a-w- G:\WINDOWS\system32\PnkBstrA.exe

2010-02-09 07:05:31 . 2009-06-30 13:03:51 -------- d-----w- G:\Program Files\Google

2010-02-08 08:26:33 . 2010-02-08 08:22:09 -------- d-----w- G:\Program Files\Common Files\Roxio Shared

2010-02-06 22:42:30 . 2010-02-06 22:42:30 52224 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:41 74072 ----a-w- G:\WINDOWS\system32\XAPOFX1_4.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:41 528216 ----a-w- G:\WINDOWS\system32\XAudio2_6.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:40 238936 ----a-w- G:\WINDOWS\system32\xactengine3_6.dll

2010-02-04 18:01:14 . 2010-02-06 07:21:39 22360 ----a-w- G:\WINDOWS\system32\X3DAudio1_7.dll

2010-02-03 17:00:03 . 2010-02-03 17:00:03 -------- d-----w- G:\Documents and Settings\LocalService\Application Data\TuneUp Software

2010-02-03 16:55:20 . 2010-02-03 16:54:20 -------- d-----w- G:\Program Files\TuneUp Utilities 2010

2010-02-03 16:54:47 . 2010-02-03 16:54:47 -------- d-----w- G:\Documents and Settings\K. Albert 2\Application Data\TuneUp Software

2010-02-03 16:54:25 . 2010-02-03 16:53:56 -------- d-----w- G:\Documents and Settings\All Users\Application Data\TuneUp Software

2010-02-03 16:53:39 . 2010-02-03 16:53:39 -------- d-sh--w- G:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2010-01-29 01:15:22 . 2010-01-29 01:15:22 150016 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_wide.dll

2010-01-29 01:15:22 . 2010-01-29 01:15:22 148992 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\vid_fly.dll

2010-01-29 01:15:22 . 2010-01-29 01:15:22 123392 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\msndupd.exe

2010-01-29 01:14:30 . 2010-01-29 01:14:30 390144 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\txsrvc.dll

2010-01-29 01:14:24 . 2010-01-29 01:14:24 476672 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\unicows.dll

2010-01-29 01:14:22 . 2010-01-29 01:14:22 142848 ------w- G:\Documents and Settings\K. Albert 2\Application Data\MSN6\MSNDynFiles.NEW\sbwebext.dll

2010-01-16 16:44:33 . 2009-12-10 09:58:23 -------- d-----w- G:\Documents and Settings\All Users\Application Data\SpinTop Games

2010-01-16 09:48:18 . 2009-07-05 09:55:16 138 ----a-w- G:\WINDOWS\popcinfo.dat

2010-01-14 23:08:30 . 2009-12-03 22:30:04 59664 ----a-w- G:\WINDOWS\system32\drivers\TfSysMon.sys

2010-01-14 23:08:29 . 2009-12-03 22:30:04 33552 ----a-w- G:\WINDOWS\system32\drivers\TfNetMon.sys

2010-01-14 23:08:28 . 2009-12-03 22:30:04 51984 ----a-w- G:\WINDOWS\system32\drivers\TfFsMon.sys

2010-01-14 18:27:27 . 2010-01-14 18:27:27 -------- d-----w- G:\Program Files\Microsoft Research

2010-01-14 10:58:41 . 2010-01-14 10:58:41 421888 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\lua51host.6c8dcc3e9f55da70bf5ccd67df48f256.dll

2010-01-14 10:58:41 . 2010-01-14 10:58:41 225280 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 290941 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 139264 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll

2010-01-14 10:54:35 . 2010-01-14 10:54:35 114688 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll

2010-01-14 10:52:42 . 2010-01-14 10:52:42 262416 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll

2010-01-14 10:52:40 . 2010-01-14 10:52:40 655360 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll

2010-01-14 10:52:40 . 2010-01-14 10:52:40 266512 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll

2010-01-14 10:52:38 . 2010-01-14 10:52:38 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_septgao_09.04686bb06cfe59ecb3f271eb95218422.dll

2010-01-14 10:52:37 . 2010-01-14 10:52:37 254224 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll

2010-01-14 10:52:36 . 2010-01-14 10:52:36 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_wealthspa.5a3f4e96415d8b3050681cdd275f3d88.dll

2010-01-14 10:52:35 . 2010-01-14 10:52:35 679936 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_octgao_09.7768fe95f9efff3962c913196fe05f6a.dll

2010-01-14 10:41:55 . 2010-01-14 10:41:55 114960 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll

2010-01-14 10:41:17 . 2010-01-14 10:41:17 204905 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll

2010-01-14 10:40:14 . 2010-01-14 10:40:14 618496 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\g\gamble2_wealthspa.a58c586ab4d974ea2d4142fb4d851c2b.dll

2010-01-14 10:38:58 . 2010-01-14 10:38:58 1040384 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_septgao_09.02b3e0bc2a35757d7c030659fd21c70a.dll

2010-01-14 10:33:48 . 2010-01-14 10:33:48 32768 ----a-w- G:\Documents and Settings\All Users\Application Data\MGS\cache\_\_crt_keno.ed975aa9c9bb5e5ec89c8ffeee254e8a.dll

2010-01-08 00:07:14 . 2009-07-02 12:53:50 38224 ----a-w- G:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-01-08 00:07:04 . 2009-07-02 12:53:48 19160 ----a-w- G:\WINDOWS\system32\drivers\mbam.sys

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll

2009-12-30 12:26:22 . 2009-12-30 12:26:22 138240 ----a-w- G:\Documents and Settings\K. Albert 2\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm16_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm15_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm14_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm13_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm12_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:44 . 2009-12-15 06:22:44 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm1_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:43 . 2009-12-15 06:22:43 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm17_627EAB2DF5AE4815AD8E79129D7959E7.exe

2009-12-15 06:22:43 . 2009-12-15 06:22:43 4846 ----a-r- G:\Documents and Settings\K. Albert 2\Application Data\Microsoft\Installer\{627EAB2D-F5AE-4815-AD8E-79129D7959E7}\MSFileRescue.chm11_627EAB2DF5AE4815AD8E79129D7959E7.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="G:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 23:44:34 3883856]

"swg"="G:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-30 13:04:52 39408]

"SpywareTerminatorUpdate"="G:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe" [2009-07-02 12:47:07 3055616]

"Registry Cleaner Scheduler"="H:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe" [2009-11-23 11:12:05 471650]

"SUPERAntiSpyware"="H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 21:22:41 2012912]

"Skype"="G:\Program Files\Skype\Phone\Skype.exe" [2010-02-22 20:42:40 26101032]

"FreeRAM XP"="G:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2009-07-02 11:56:18 1591808]

"SpybotSD TeaTimer"="G:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 00:07:20 2260480]

That happens sometimes... :( OK...

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

Click Exit on the Main menu to close the program.

Next

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Malwarebytes' Anti-Malware 1.44

Database version: 3867

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/14/2010 12:30:39 PM

mbam-log-2010-03-14 (12-30-39).txt

Scan type: Quick Scan

Objects scanned: 121890

Time elapsed: 10 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

G:\Documents and Settings\K. Albert 2\Local Settings\Application Data\dbatmsound (Trojan.SearchRedir.M) -> Quarantined and deleted successfully.

Files Infected:

(No malicious items detected)

I was told by Malwarebytes to reboot, which I did...

How are things now?

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

KASPERSKY ONLINE SCANNER 7.0: scan report

Sunday, March 14, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Sunday, March 14, 2010 17:38:40

Records in database: 3796912

Scan settings

scan using the following database extended

Scan archives yes

Scan e-mail databases yes

Scan area My Computer

A:\

E:\

F:\

G:\

H:\

Scan statistics

Objects scanned 140870

Threats found 4

Infected objects found 4

Suspicious objects found 0

Scan duration 06:23:11

File name Threat Threats count

G:\WINDOWS\system32\drivers\atapi.sys Infected: Rootkit.Win32.TDSS.u 1

H:\DOWNLOADS\Collection of Cool PC Games\Diego Dinosaur\DiegoDinosaurAdv.rar Infected: Trojan-Dropper.Win32.Delf.ejh 1

H:\DOWNLOADS\Collection of Cool PC Games\MysterySolitaire\MysterySolitaireSecretIslandSetup.exe Infected: Trojan-Downloader.Win32.Agent.cina 1

H:\DOWNLOADS\Collection of Cool PC Games\Obscura\ObscuraSetup.exe Infected: Trojan-Dropper.Win32.Delf.eze 1

Selected area has been scanned.

Yep, it's still there. And we'll deal with your H drive later... :(

Please read the following through carefully so that you understand what to do.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quotation marks), then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks), then press Ctrl+Shift+Enter.)
    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

It left 2 (two) text files.... I put them both here

06:19:42:062 3516 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20

06:19:42:062 3516 ================================================================================

06:19:42:062 3516 SystemInfo:

06:19:42:062 3516 OS Version: 5.1.2600 ServicePack: 3.0

06:19:42:062 3516 Product type: Workstation

06:19:42:062 3516 ComputerName: ALBERT2

06:19:42:062 3516 UserName: K. Albert 2

06:19:42:062 3516 Windows directory: G:\WINDOWS

06:19:42:062 3516 Processor architecture: Intel x86

06:19:42:062 3516 Number of processors: 1

06:19:42:062 3516 Page size: 0x1000

06:19:42:234 3516 Boot type: Normal boot

06:19:42:234 3516 ================================================================================

06:19:42:265 3516 UnloadDriverW: NtUnloadDriver error 2

06:19:42:265 3516 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

06:19:42:625 3516 wfopen_ex: Trying to open file G:\WINDOWS\system32\config\system

06:19:42:640 3516 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

06:19:42:640 3516 wfopen_ex: Trying to KLMD file open

06:19:42:640 3516 wfopen_ex: File opened ok (Flags 2)

06:19:42:640 3516 wfopen_ex: Trying to open file G:\WINDOWS\system32\config\software

06:19:42:656 3516 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

06:19:42:656 3516 wfopen_ex: Trying to KLMD file open

06:19:42:656 3516 wfopen_ex: File opened ok (Flags 2)

06:19:42:656 3516 Initialize success

06:19:42:656 3516

06:19:42:656 3516 Scanning Services ...

06:19:43:015 3516 GetAdvancedServicesInfo: Raw services enum returned 380 services

06:19:43:031 3516

06:19:43:031 3516 Scanning Kernel memory ...

06:19:43:031 3516 Devices to scan: 4

06:19:43:031 3516

06:19:43:031 3516 Driver Name: Disk

06:19:43:031 3516 IRP_MJ_CREATE : F763DBB0

06:19:43:031 3516 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:19:43:031 3516 IRP_MJ_CLOSE : F763DBB0

06:19:43:031 3516 IRP_MJ_READ : F7637D1F

06:19:43:031 3516 IRP_MJ_WRITE : F7637D1F

06:19:43:031 3516 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:19:43:031 3516 IRP_MJ_SET_INFORMATION : 804FA87E

06:19:43:031 3516 IRP_MJ_QUERY_EA : 804FA87E

06:19:43:031 3516 IRP_MJ_SET_EA : 804FA87E

06:19:43:031 3516 IRP_MJ_FLUSH_BUFFERS : F76382E2

06:19:43:031 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:19:43:031 3516 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:19:43:031 3516 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:19:43:031 3516 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:19:43:031 3516 IRP_MJ_DEVICE_CONTROL : F76383BB

06:19:43:031 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28

06:19:43:031 3516 IRP_MJ_SHUTDOWN : F76382E2

06:19:43:031 3516 IRP_MJ_LOCK_CONTROL : 804FA87E

06:19:43:031 3516 IRP_MJ_CLEANUP : 804FA87E

06:19:43:031 3516 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:19:43:031 3516 IRP_MJ_QUERY_SECURITY : 804FA87E

06:19:43:031 3516 IRP_MJ_SET_SECURITY : 804FA87E

06:19:43:031 3516 IRP_MJ_POWER : F7639C82

06:19:43:031 3516 IRP_MJ_SYSTEM_CONTROL : F763E99E

06:19:43:031 3516 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:19:43:031 3516 IRP_MJ_QUERY_QUOTA : 804FA87E

06:19:43:031 3516 IRP_MJ_SET_QUOTA : 804FA87E

06:19:43:062 3516 G:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

06:19:43:062 3516

06:19:43:062 3516 Driver Name: Disk

06:19:43:062 3516 IRP_MJ_CREATE : F763DBB0

06:19:43:062 3516 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:19:43:062 3516 IRP_MJ_CLOSE : F763DBB0

06:19:43:062 3516 IRP_MJ_READ : F7637D1F

06:19:43:062 3516 IRP_MJ_WRITE : F7637D1F

06:19:43:062 3516 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:19:43:062 3516 IRP_MJ_SET_INFORMATION : 804FA87E

06:19:43:062 3516 IRP_MJ_QUERY_EA : 804FA87E

06:19:43:062 3516 IRP_MJ_SET_EA : 804FA87E

06:19:43:062 3516 IRP_MJ_FLUSH_BUFFERS : F76382E2

06:19:43:062 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:19:43:062 3516 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:19:43:062 3516 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:19:43:062 3516 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:19:43:078 3516 IRP_MJ_DEVICE_CONTROL : F76383BB

06:19:43:078 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28

06:19:43:078 3516 IRP_MJ_SHUTDOWN : F76382E2

06:19:43:078 3516 IRP_MJ_LOCK_CONTROL : 804FA87E

06:19:43:078 3516 IRP_MJ_CLEANUP : 804FA87E

06:19:43:078 3516 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:19:43:078 3516 IRP_MJ_QUERY_SECURITY : 804FA87E

06:19:43:078 3516 IRP_MJ_SET_SECURITY : 804FA87E

06:19:43:078 3516 IRP_MJ_POWER : F7639C82

06:19:43:078 3516 IRP_MJ_SYSTEM_CONTROL : F763E99E

06:19:43:078 3516 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:19:43:078 3516 IRP_MJ_QUERY_QUOTA : 804FA87E

06:19:43:078 3516 IRP_MJ_SET_QUOTA : 804FA87E

06:19:43:093 3516 G:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

06:19:43:093 3516

06:19:43:093 3516 Driver Name: atapi

06:19:43:093 3516 IRP_MJ_CREATE : F74A46F2

06:19:43:093 3516 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:19:43:093 3516 IRP_MJ_CLOSE : F74A46F2

06:19:43:109 3516 IRP_MJ_READ : 804FA87E

06:19:43:109 3516 IRP_MJ_WRITE : 804FA87E

06:19:43:109 3516 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:19:43:109 3516 IRP_MJ_SET_INFORMATION : 804FA87E

06:19:43:109 3516 IRP_MJ_QUERY_EA : 804FA87E

06:19:43:109 3516 IRP_MJ_SET_EA : 804FA87E

06:19:43:109 3516 IRP_MJ_FLUSH_BUFFERS : 804FA87E

06:19:43:109 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:19:43:109 3516 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:19:43:109 3516 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:19:43:109 3516 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:19:43:109 3516 IRP_MJ_DEVICE_CONTROL : F74A4712

06:19:43:109 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A0852

06:19:43:109 3516 IRP_MJ_SHUTDOWN : 804FA87E

06:19:43:109 3516 IRP_MJ_LOCK_CONTROL : 804FA87E

06:19:43:109 3516 IRP_MJ_CLEANUP : 804FA87E

06:19:43:109 3516 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:19:43:109 3516 IRP_MJ_QUERY_SECURITY : 804FA87E

06:19:43:109 3516 IRP_MJ_SET_SECURITY : 804FA87E

06:19:43:109 3516 IRP_MJ_POWER : F74A473C

06:19:43:109 3516 IRP_MJ_SYSTEM_CONTROL : F74AB336

06:19:43:109 3516 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:19:43:109 3516 IRP_MJ_QUERY_QUOTA : 804FA87E

06:19:43:109 3516 IRP_MJ_SET_QUOTA : 804FA87E

06:19:43:156 3516 G:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1

06:19:43:156 3516

06:19:43:156 3516 Driver Name: atapi

06:19:43:156 3516 IRP_MJ_CREATE : F74A46F2

06:19:43:156 3516 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:19:43:156 3516 IRP_MJ_CLOSE : F74A46F2

06:19:43:156 3516 IRP_MJ_READ : 804FA87E

06:19:43:156 3516 IRP_MJ_WRITE : 804FA87E

06:19:43:156 3516 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:19:43:156 3516 IRP_MJ_SET_INFORMATION : 804FA87E

06:19:43:156 3516 IRP_MJ_QUERY_EA : 804FA87E

06:19:43:156 3516 IRP_MJ_SET_EA : 804FA87E

06:19:43:156 3516 IRP_MJ_FLUSH_BUFFERS : 804FA87E

06:19:43:156 3516 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:19:43:156 3516 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:19:43:156 3516 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:19:43:156 3516 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:19:43:156 3516 IRP_MJ_DEVICE_CONTROL : F74A4712

06:19:43:156 3516 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A0852

06:19:43:156 3516 IRP_MJ_SHUTDOWN : 804FA87E

06:19:43:156 3516 IRP_MJ_LOCK_CONTROL : 804FA87E

06:19:43:156 3516 IRP_MJ_CLEANUP : 804FA87E

06:19:43:156 3516 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:19:43:156 3516 IRP_MJ_QUERY_SECURITY : 804FA87E

06:19:43:156 3516 IRP_MJ_SET_SECURITY : 804FA87E

06:19:43:156 3516 IRP_MJ_POWER : F74A473C

06:19:43:156 3516 IRP_MJ_SYSTEM_CONTROL : F74AB336

06:19:43:156 3516 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:19:43:156 3516 IRP_MJ_QUERY_QUOTA : 804FA87E

06:19:43:156 3516 IRP_MJ_SET_QUOTA : 804FA87E

06:19:43:171 3516 G:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1

06:19:43:171 3516

06:19:43:171 3516 Completed

06:19:43:171 3516

06:19:43:187 3516 Results:

06:19:43:187 3516 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

06:19:43:187 3516 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

06:19:43:187 3516 File objects infected / cured / cured on reboot: 0 / 0 / 0

06:19:43:187 3516

06:19:43:187 3516 fclose_ex: Trying to close file G:\WINDOWS\system32\config\system

06:19:43:187 3516 fclose_ex: Trying to close file G:\WINDOWS\system32\config\software

06:19:43:203 3516 KLMD(ARK) unloaded successfully

06:20:39:937 4616 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20

06:20:39:937 4616 ================================================================================

06:20:39:937 4616 SystemInfo:

06:20:39:937 4616 OS Version: 5.1.2600 ServicePack: 3.0

06:20:39:937 4616 Product type: Workstation

06:20:39:937 4616 ComputerName: ALBERT2

06:20:39:937 4616 UserName: K. Albert 2

06:20:39:937 4616 Windows directory: G:\WINDOWS

06:20:39:937 4616 Processor architecture: Intel x86

06:20:39:937 4616 Number of processors: 1

06:20:39:937 4616 Page size: 0x1000

06:20:40:078 4616 Boot type: Normal boot

06:20:40:078 4616 ================================================================================

06:20:40:093 4616 UnloadDriverW: NtUnloadDriver error 2

06:20:40:093 4616 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2

06:20:40:421 4616 wfopen_ex: Trying to open file G:\WINDOWS\system32\config\system

06:20:40:421 4616 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

06:20:40:421 4616 wfopen_ex: Trying to KLMD file open

06:20:40:421 4616 wfopen_ex: File opened ok (Flags 2)

06:20:40:421 4616 wfopen_ex: Trying to open file G:\WINDOWS\system32\config\software

06:20:40:453 4616 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

06:20:40:453 4616 wfopen_ex: Trying to KLMD file open

06:20:40:453 4616 wfopen_ex: File opened ok (Flags 2)

06:20:40:453 4616 Initialize success

06:20:40:453 4616

06:20:40:453 4616 Scanning Services ...

06:20:40:906 4616 GetAdvancedServicesInfo: Raw services enum returned 380 services

06:20:40:921 4616

06:20:40:921 4616 Scanning Kernel memory ...

06:20:40:921 4616 Devices to scan: 4

06:20:40:921 4616

06:20:40:921 4616 Driver Name: Disk

06:20:40:921 4616 IRP_MJ_CREATE : F763DBB0

06:20:40:921 4616 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:20:40:921 4616 IRP_MJ_CLOSE : F763DBB0

06:20:40:921 4616 IRP_MJ_READ : F7637D1F

06:20:40:921 4616 IRP_MJ_WRITE : F7637D1F

06:20:40:921 4616 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:20:40:921 4616 IRP_MJ_SET_INFORMATION : 804FA87E

06:20:40:921 4616 IRP_MJ_QUERY_EA : 804FA87E

06:20:40:921 4616 IRP_MJ_SET_EA : 804FA87E

06:20:40:921 4616 IRP_MJ_FLUSH_BUFFERS : F76382E2

06:20:40:921 4616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:20:40:921 4616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:20:40:921 4616 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:20:40:921 4616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:20:40:921 4616 IRP_MJ_DEVICE_CONTROL : F76383BB

06:20:40:921 4616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28

06:20:40:921 4616 IRP_MJ_SHUTDOWN : F76382E2

06:20:40:921 4616 IRP_MJ_LOCK_CONTROL : 804FA87E

06:20:40:921 4616 IRP_MJ_CLEANUP : 804FA87E

06:20:40:921 4616 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:20:40:921 4616 IRP_MJ_QUERY_SECURITY : 804FA87E

06:20:40:921 4616 IRP_MJ_SET_SECURITY : 804FA87E

06:20:40:921 4616 IRP_MJ_POWER : F7639C82

06:20:40:921 4616 IRP_MJ_SYSTEM_CONTROL : F763E99E

06:20:40:921 4616 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:20:40:921 4616 IRP_MJ_QUERY_QUOTA : 804FA87E

06:20:40:921 4616 IRP_MJ_SET_QUOTA : 804FA87E

06:20:40:937 4616 G:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

06:20:40:937 4616

06:20:40:937 4616 Driver Name: Disk

06:20:40:937 4616 IRP_MJ_CREATE : F763DBB0

06:20:40:937 4616 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:20:40:937 4616 IRP_MJ_CLOSE : F763DBB0

06:20:40:937 4616 IRP_MJ_READ : F7637D1F

06:20:40:937 4616 IRP_MJ_WRITE : F7637D1F

06:20:40:937 4616 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:20:40:937 4616 IRP_MJ_SET_INFORMATION : 804FA87E

06:20:40:937 4616 IRP_MJ_QUERY_EA : 804FA87E

06:20:40:937 4616 IRP_MJ_SET_EA : 804FA87E

06:20:40:937 4616 IRP_MJ_FLUSH_BUFFERS : F76382E2

06:20:40:937 4616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:20:40:937 4616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:20:40:937 4616 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:20:40:937 4616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:20:40:953 4616 IRP_MJ_DEVICE_CONTROL : F76383BB

06:20:40:953 4616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F763BF28

06:20:40:953 4616 IRP_MJ_SHUTDOWN : F76382E2

06:20:40:953 4616 IRP_MJ_LOCK_CONTROL : 804FA87E

06:20:40:953 4616 IRP_MJ_CLEANUP : 804FA87E

06:20:40:953 4616 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:20:40:953 4616 IRP_MJ_QUERY_SECURITY : 804FA87E

06:20:40:953 4616 IRP_MJ_SET_SECURITY : 804FA87E

06:20:40:953 4616 IRP_MJ_POWER : F7639C82

06:20:40:953 4616 IRP_MJ_SYSTEM_CONTROL : F763E99E

06:20:40:953 4616 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:20:40:953 4616 IRP_MJ_QUERY_QUOTA : 804FA87E

06:20:40:953 4616 IRP_MJ_SET_QUOTA : 804FA87E

06:20:40:968 4616 G:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1

06:20:40:968 4616

06:20:40:968 4616 Driver Name: atapi

06:20:40:968 4616 IRP_MJ_CREATE : F74A46F2

06:20:40:968 4616 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:20:40:968 4616 IRP_MJ_CLOSE : F74A46F2

06:20:40:968 4616 IRP_MJ_READ : 804FA87E

06:20:40:968 4616 IRP_MJ_WRITE : 804FA87E

06:20:40:968 4616 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:20:40:968 4616 IRP_MJ_SET_INFORMATION : 804FA87E

06:20:40:968 4616 IRP_MJ_QUERY_EA : 804FA87E

06:20:40:968 4616 IRP_MJ_SET_EA : 804FA87E

06:20:40:968 4616 IRP_MJ_FLUSH_BUFFERS : 804FA87E

06:20:40:968 4616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:20:40:968 4616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:20:40:968 4616 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:20:40:968 4616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:20:40:968 4616 IRP_MJ_DEVICE_CONTROL : F74A4712

06:20:40:968 4616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A0852

06:20:40:968 4616 IRP_MJ_SHUTDOWN : 804FA87E

06:20:40:968 4616 IRP_MJ_LOCK_CONTROL : 804FA87E

06:20:40:968 4616 IRP_MJ_CLEANUP : 804FA87E

06:20:40:968 4616 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:20:40:968 4616 IRP_MJ_QUERY_SECURITY : 804FA87E

06:20:40:968 4616 IRP_MJ_SET_SECURITY : 804FA87E

06:20:40:968 4616 IRP_MJ_POWER : F74A473C

06:20:40:968 4616 IRP_MJ_SYSTEM_CONTROL : F74AB336

06:20:40:968 4616 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:20:40:968 4616 IRP_MJ_QUERY_QUOTA : 804FA87E

06:20:40:968 4616 IRP_MJ_SET_QUOTA : 804FA87E

06:20:41:015 4616 G:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1

06:20:41:015 4616

06:20:41:015 4616 Driver Name: atapi

06:20:41:015 4616 IRP_MJ_CREATE : F74A46F2

06:20:41:015 4616 IRP_MJ_CREATE_NAMED_PIPE : 804FA87E

06:20:41:015 4616 IRP_MJ_CLOSE : F74A46F2

06:20:41:015 4616 IRP_MJ_READ : 804FA87E

06:20:41:015 4616 IRP_MJ_WRITE : 804FA87E

06:20:41:015 4616 IRP_MJ_QUERY_INFORMATION : 804FA87E

06:20:41:015 4616 IRP_MJ_SET_INFORMATION : 804FA87E

06:20:41:015 4616 IRP_MJ_QUERY_EA : 804FA87E

06:20:41:015 4616 IRP_MJ_SET_EA : 804FA87E

06:20:41:015 4616 IRP_MJ_FLUSH_BUFFERS : 804FA87E

06:20:41:015 4616 IRP_MJ_QUERY_VOLUME_INFORMATION : 804FA87E

06:20:41:015 4616 IRP_MJ_SET_VOLUME_INFORMATION : 804FA87E

06:20:41:015 4616 IRP_MJ_DIRECTORY_CONTROL : 804FA87E

06:20:41:015 4616 IRP_MJ_FILE_SYSTEM_CONTROL : 804FA87E

06:20:41:015 4616 IRP_MJ_DEVICE_CONTROL : F74A4712

06:20:41:015 4616 IRP_MJ_INTERNAL_DEVICE_CONTROL : F74A0852

06:20:41:015 4616 IRP_MJ_SHUTDOWN : 804FA87E

06:20:41:015 4616 IRP_MJ_LOCK_CONTROL : 804FA87E

06:20:41:015 4616 IRP_MJ_CLEANUP : 804FA87E

06:20:41:015 4616 IRP_MJ_CREATE_MAILSLOT : 804FA87E

06:20:41:015 4616 IRP_MJ_QUERY_SECURITY : 804FA87E

06:20:41:015 4616 IRP_MJ_SET_SECURITY : 804FA87E

06:20:41:015 4616 IRP_MJ_POWER : F74A473C

06:20:41:015 4616 IRP_MJ_SYSTEM_CONTROL : F74AB336

06:20:41:015 4616 IRP_MJ_DEVICE_CHANGE : 804FA87E

06:20:41:015 4616 IRP_MJ_QUERY_QUOTA : 804FA87E

06:20:41:015 4616 IRP_MJ_SET_QUOTA : 804FA87E

06:20:41:046 4616 G:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1

06:20:41:046 4616

06:20:41:046 4616 Completed

06:20:41:046 4616

06:20:41:046 4616 Results:

06:20:41:046 4616 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

06:20:41:046 4616 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

06:20:41:046 4616 File objects infected / cured / cured on reboot: 0 / 0 / 0

06:20:41:046 4616

06:20:41:046 4616 fclose_ex: Trying to close file G:\WINDOWS\system32\config\system

06:20:41:046 4616 fclose_ex: Trying to close file G:\WINDOWS\system32\config\software

06:20:41:062 4616 KLMD(ARK) unloaded successfully
